Re: Big problem - GnuPG key deleted
On Wednesday, Jul 16, 2003, at 20:18 US/Eastern, Marcus Frings wrote:
Hi Anthony.
Actually I wanted to send it to the mailing list but gmane.org let my
posting bounce because it says that it is read-only.
Hmmmm... are you using some mail-to-news reflector? If so, you could
still post by mailing to the proper @lists.debian.org address. I've
cc'd this to debian-newmaint@lists.debian.org, which I think was the
correct list.
Why should the key be compromised? The key is _almost_ compromised in
my
opinion. The thief has no use for the private key as long as he does
not
know the passphrase/is not able to recover the passphrase.
Even assuming a fully random eight-character alphanumeric ([A-Za-z0-9])
password, that's symmetric cipher on the order of (26+26+10)^8 =~ 2^47
bits. EASILY in the breakable range. Remember, the EFF brute-forced
56-bit DES in several days --- back in the mid 90's.
That pass phrase is probably worth a day at most against a determined
thief or cracker.
Of course the thief is able to encrypt messages with the
stolen key then but he can neither sign nor decrypt.
Encryption is done with the public key, so stealing the key pair was
not needed.
Reply to: