-------- Original-Nachricht -------- > Datum: Sun, 09 Oct 2011 18:52:30 -0400 > Von: "Robert J. Hansen" <r...@sixdemonbag.org> > An: gnupg-users@gnupg.org > Betreff: Re: Why revoke a key?
> > Let's say I have my private key on an USB stick and lose the > > stick somewhere in public. The key is protected by the mantra. I'm > > sure, nobody knows the mantra except me. Should I revoke the key > > or could I keep on working with a copy of it? > > Depends on how strong the passphrase is. I've often said that I'm > willing to publish my private key in the _New York Times_, if someone > is willing to pay for it. > With a strong passphrase, someone getting access to your private key > is not a big deal so long as you can guarantee they will never get > access to your passphrase. How long would it take to execute a successful brute force attack on a pasphrase consisting of 12 symbols (symbols available on common keyboards)? If the attacker only got the passphrase and not the private key, I can simply change the passphrase to be secure again. Right? So I'd say my key is compromised if I think an attacker got BOTH, the passphrase AND the key. _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
