From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
To: cypherpunks@toad.com
Message Hash: 62d406ea74818bf7f98644afc2470d381b45ed87dc762acbba3a72e42d3ad7dd
Message ID: <9gDH2D8w165w@bwalk.dm.com>
Reply To: <199702012055.MAA26123@toad.com>
UTC Datetime: 1997-02-02 05:50:16 UTC
Raw Date: Sat, 1 Feb 1997 21:50:16 -0800 (PST)
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Sat, 1 Feb 1997 21:50:16 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Key Security Question
In-Reply-To: <199702012055.MAA26123@toad.com>
Message-ID: <9gDH2D8w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain
Bill Stewart <stewarts@ix.netcom.com> writes:
> >> My computer went into the shop a few days ago, and I was unable to take
> >> my PGP keys off it before it went in. What are the security risks here?
> >> If the repairman chooses to snoop through the files, what would he be
> >> able to do with my key pair? Will I need to revoke the key and make a
> >> new one, or will I be relatively safe since he doesn't have my
> >> passphrase?
>
> Passphrases are MD5-hashed into 128-bit IDEA keys and used to
> encrypt the secret key; there's a "pgpcrack" program out there
> that does dictionary-style searches to find if you've got
> wimpy passphrases. So if your passphrases is "secret", you lose,
> but if it's "fjhw;doifvjuc-[09efiu v` 2 4rnhc;ljoipcvjpoiewujfgv;loik"
> you're probably pretty safe, unless that's written on the yellow
> sticky you left on the side of the PC.
>
> On the other hand, if the "repairman" replaced your pgp executable
> with version 2.6.3kgb, which uses your hashed passphrase as the
> session key, you're hosed. Or if he installed a keystroke sniffer,
> or added a small radio transmitter to your keyboard, or whatever.
> Depends on your threat model. If you need to be paranoid,
> they've already gotten you....
If you're really paranoid, you can boot from a clean floppy and
reinstall everything from your backup tapes. You do have a
contingency plan in case your hard disk goes bad, or gets a
virus, don't you? Well, if you're in doubt, exercise it.
---
Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps
Return to February 1997
Return to “ichudov@algebra.com (Igor Chudov @ home)”