From: Toto <toto@sk.sympatico.ca>
Date: Sat, 1 Feb 1997 08:41:08 -0800 (PST)
To: Paul Foley <mycroft@actrix.gen.nz>
Subject: Re: Key Security Question
Message-ID: <199702011641.IAA20618@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


Paul Foley wrote:
 
> On Fri, 31 Jan 1997 17:51:47 -0800, Toto wrote:

>>      If the repairman has your pubring and secring files, you can now
>>    consider them in the same light as a 'busted flush'.
> 
> The secret key is encrypted using the same IDEA algorithm that PGP
> uses to encrypt your files.  If you trust IDEA, your key is as safe as
> your passphrase (not at all if you have no passphrase, not much if
> it's easily guessable, etc.)

  Send me your secring file. I have a new password-buster I'd like to
try out on it.

> If your computer repairman has the capability to crack strong 128-bit
> ciphers, I'd be rather worried :-)

  He doesn't have to crack the cipher, he only needs to find the
password.
 
> On the other hand, there's always the possibility of your passphrase
> being on the disk, say in a swap file, somewhere.  Same goes for
> plaintext of any encrypted files/messages.  I doubt anyone's gonna go
> hunting through your swap file, "empty" sectors, etc., looking for it,
> though, unless you've done something to really piss him off lately :-)

  Or if he's a member of the CypherPunks list, read the message, and now
considers it to be a personal challenge.

Toto