From: Eric Murray <ericm@lne.com>
To: Alan Olsen <alan@ctrl-alt-del.com>
Message Hash: baf56f3bdb1098f28ee845ce0bff9f9fb703a3fd18e69175dddf4c6fc14938b8
Message ID: <199702012357.PAA00605@toad.com>
Reply To: N/A
UTC Datetime: 1997-02-01 23:57:34 UTC
Raw Date: Sat, 1 Feb 1997 15:57:34 -0800 (PST)
From: Eric Murray <ericm@lne.com>
Date: Sat, 1 Feb 1997 15:57:34 -0800 (PST)
To: Alan Olsen <alan@ctrl-alt-del.com>
Subject: Re: Key Security Question
Message-ID: <199702012357.PAA00605@toad.com>
MIME-Version: 1.0
Content-Type: text/plain
Alan Olsen writes:
> At 10:41 AM 1/31/97 -0800, Z.B. wrote:
> >My computer went into the shop a few days ago, and I was unable to take
> >my PGP keys off it before it went in. What are the security risks here?
> >If the repairman chooses to snoop through the files, what would he be
> >able to do with my key pair? Will I need to revoke the key and make a
> >new one, or will I be relatively safe since he doesn't have my
> >passphrase?
>
> Depends on how guessable your passphrase is. If you use something that would
> fall to a dictionary attack, then you are vulnerable. (Providing that they
> actually looked for your keyring and made a copy.)
>
> If you had nyms on your keyring, then those nyms can be associated with your
> "true name" with no passphrase required. (Unless you keep your keyring
> encrypted. Private Idaho supports encrypted keyrings, but little else does.)
Other attacks would be installing a keyboard sniffer, replacing your
PGP binary with a trojan that records your passphrase, etc.
This sort of stuff is quite possible but not likely. Yet.
> If you are really concerned about it, you could learn to do your own computer
> repairs.
Or put your PGP keys on removeable media.
--
Eric Murray ericm@lne.com ericm@motorcycle.com http://www.lne.com/ericm
PGP keyid:E03F65E5 fingerprint:50 B0 A2 4C 7D 86 FC 03 92 E8 AC E6 7E 27 29 AF
Return to February 1997
Return to “Eric Murray <ericm@lne.com>”
1997-02-01 (Sat, 1 Feb 1997 15:57:34 -0800 (PST)) - Re: Key Security Question - Eric Murray <ericm@lne.com>