[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Big problem - GnuPG key deleted

On Wednesday, Jul 16, 2003, at 20:18 US/Eastern, Marcus Frings wrote:

Hi Anthony.

Actually I wanted to send it to the mailing list but gmane.org let my
posting bounce because it says that it is read-only.

Hmmmm... are you using some mail-to-news reflector? If so, you could still post by mailing to the proper @lists.debian.org address. I've cc'd this to debian-newmaint@lists.debian.org, which I think was the correct list.

Why should the key be compromised? The key is _almost_ compromised in my opinion. The thief has no use for the private key as long as he does not
know the passphrase/is not able to recover the passphrase.

Even assuming a fully random eight-character alphanumeric ([A-Za-z0-9]) password, that's symmetric cipher on the order of (26+26+10)^8 =~ 2^47 bits. EASILY in the breakable range. Remember, the EFF brute-forced 56-bit DES in several days --- back in the mid 90's.

That pass phrase is probably worth a day at most against a determined thief or cracker.

Of course the thief is able to encrypt messages with the
stolen key then but he can neither sign nor decrypt.

Encryption is done with the public key, so stealing the key pair was not needed.

Reply to: