Re: Big problem - GnuPG key deleted

To: Marcus Frings <protagonist@gmx.net>
Cc: debian-newmaint@lists.debian.org
Subject: Re: Big problem - GnuPG key deleted
From: Anthony DeRobertis <asd@suespammers.org>
Date: Thu, 17 Jul 2003 09:32:31 -0400
Message-id: <[🔎] 1DC86F75-B85B-11D7-9CA6-00039317863E@suespammers.org>
In-reply-to: <vita-brevis-breviter-in-brevi-finietur-mors-venit-velociter-quae-neminem-veretur-87d6garooi.fsf@gothgoose.net>


On Wednesday, Jul 16, 2003, at 20:18 US/Eastern, Marcus Frings wrote:

Hi Anthony.

Actually I wanted to send it to the mailing list but gmane.org let my
posting bounce because it says that it is read-only.

Hmmmm... are you using some mail-to-news reflector? If so, you couldstill post by mailing to the proper @lists.debian.org address. I'vecc'd this to debian-newmaint@lists.debian.org, which I think was thecorrect list.

Why should the key be compromised? The key is _almost_ compromised inmyopinion. The thief has no use for the private key as long as he doesnot
know the passphrase/is not able to recover the passphrase.

Even assuming a fully random eight-character alphanumeric ([A-Za-z0-9])password, that's symmetric cipher on the order of (26+26+10)^8 =~ 2^47bits. EASILY in the breakable range. Remember, the EFF brute-forced56-bit DES in several days --- back in the mid 90's.

That pass phrase is probably worth a day at most against a determinedthief or cracker.

Of course the thief is able to encrypt messages with the
stolen key then but he can neither sign nor decrypt.

Encryption is done with the public key, so stealing the key pair wasnot needed.

Reply to:

Prev by Date: Re: Excessive wait for DAM - something needs to be done
Next by Date: AM Summary for Florian Weimer
Previous by thread: Re: Big problem - GnuPG key deleted
Next by thread: Rejection of Jasvir Nagra.
Index(es):
- Date
- Thread