Vidiot,

If someone for a short moment has access to your private pgp key, they
*may* bring a copy back home without your knowledge. Especially if it's
someone you can only trust to do you bad things. This may or may not
happen with your (or anyone else's) knowledge. What about if we ten
years from now learn that NSA was involved in these things,
'masquerading' as a script kid?

BTW, doesn't have to be NSA. Could be one of the governments and/or
organizations that NSA would like to know everything about.

Sounds like science fiction? Maybe. We've been surprised before when
we've learnt what governments and/or institutions have done. We tend to
always learn about it 10-20 years later. Which is why we always think
that "Oh, that was horrible. Lucky we are, having a government, a
security organization or whatever-you-want that we can trust nowadays."

NSA doesn't have the control over the usage of pgp. That hurts them.
Bad. Don't believe that they will just say "Too bad, we lost that one".
Them guys in NSA (and their equivalents in other nations) do have both
the motivation and the means to do things we can only dream nightmares
about. 

But then again, maybe we can trust them after all. ;-)

I'd consider the key compromised, 100%. You make your own choices, of
course. Like anyone else. And I may be overly paranoid. Who knows?

Regards
Gustav


Vidiot wrote:
> 
> >Another thing to think about:
> >
> >If ever there were some private pgp keys on a compromised machine, those
> >pgp keys are to be considered as compromised as well.
> >
> >It's hard (to say the least) to crack pgp encrypted data, but the private
> >key is easier (though not trivial) to break. Of course, this depends
> >a lot on the quality of the pass phrase chosen.
> >
> >Consider the keys compromised, revoke the public key(s) and recover the
> >system. Then create new pgp key pair(s).
> >
> >Just a thought...
> >Gustav
> 
> The programs that we've seen so far have not gone after PGP keys.  Only to
> find other systems that can be hacked in order to build a database of machines
> for possible use in the future for denial-of-service attacks.  If they were
> after data, or other mischief, people would have reported cleaned out
> machines, etc.
> 
> MB
> --
> e-mail: [EMAIL PROTECTED]
>     Bart: Hey, why is it destroying other toys?  Lisa: They must have
>     programmed it to eliminate the competition.  Bart: You mean like
>     Microsoft?  Lisa: Exactly.  [The Simpsons - 12/18/99]
> Visit - URL:http://www.vidiot.com/  (Your link to Star Trek and UPN)
> 
> --
> To unsubscribe: mail [EMAIL PROTECTED] with "unsubscribe"
> as the Subject.

-- 
pgp = Pretty Good Privacy.

To get my public pgp key, send an e-mail to: [EMAIL PROTECTED]

Visit my web site at http://www.schaffter.com

