Why revoke a key?

Jan Janka takethebus at gmx.de
Mon Oct 10 23:29:57 CEST 2011


-------- Original Message --------
> Date: Sun, 09 Oct 2011 18:52:30 -0400
> From: "Robert J. Hansen" <rjh at sixdemonbag.org>
> To: gnupg-users at gnupg.org
> Subject: Re: Why revoke a key?

> > Let's say I have my private key on a USB stick and lose the
> > stick somewhere in public. The key is protected by the mantra. I'm
> > sure nobody knows the mantra except me. Should I revoke the key
> > or could I keep on working with a copy of it?
> 
> Depends on how strong the passphrase is.  I've often said that I'm
> willing to publish my private key in the _New York Times_, if someone
> is willing to pay for it.

> With a strong passphrase, someone getting access to your private key
> is not a big deal so long as you can guarantee they will never get
> access to your passphrase.

How long would it take to execute a successful brute force attack on a passphrase consisting of 12 symbols (symbols available on common keyboards)?

If the attacker only got the passphrase and not the private key, I can simply change the passphrase to be secure again. Right? So I'd say my key is compromised if I think an attacker got BOTH, the passphrase AND the key. 
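
An added worked estimate for the 12-symbol question above; it is not part of the original post and is not GnuPG code. It assumes 95 printable ASCII symbols chosen uniformly at random (a human-chosen passphrase is weaker than this), the iterated and salted S2K count encoding from RFC 4880, and illustrative hashing throughputs that are assumptions, not measurements.

```python
import math

SECONDS_PER_YEAR = 365.25 * 24 * 3600

def s2k_count(coded: int) -> int:
    """Decode the one-octet iteration count of an iterated+salted S2K
    specifier (RFC 4880, section 3.7.1.3) into octets hashed per guess."""
    if not 0 <= coded <= 255:
        raise ValueError("coded count must fit in one octet")
    return (16 + (coded & 15)) << ((coded >> 4) + 6)

def keyspace(alphabet: int, length: int) -> int:
    """Number of passphrases when every symbol is chosen uniformly at random."""
    return alphabet ** length

def entropy_bits(alphabet: int, length: int) -> float:
    """Entropy of such a passphrase in bits."""
    return length * math.log2(alphabet)

def guesses_per_second(hash_octets_per_second: float, coded: int) -> float:
    """Key stretching: every guess costs s2k_count(coded) hashed octets."""
    return hash_octets_per_second / s2k_count(coded)

def expected_years(alphabet: int, length: int,
                   hash_octets_per_second: float, coded: int) -> float:
    """Average case: the search succeeds after half the keyspace."""
    rate = guesses_per_second(hash_octets_per_second, coded)
    return keyspace(alphabet, length) / 2 / rate / SECONDS_PER_YEAR

if __name__ == "__main__":
    ALPHABET, LENGTH = 95, 12   # assumption: printable ASCII, 12 symbols
    print(f"keyspace 95^12 = {keyspace(ALPHABET, LENGTH):.3e} "
          f"({entropy_bits(ALPHABET, LENGTH):.1f} bits)")
    # Assumed throughputs in octets hashed per second, not measurements.
    for label, speed in [("1e9", 1e9), ("1e12", 1e12), ("1e15", 1e15)]:
        # Coded counts 96 and 255 decode to 65536 and 65011712 octets.
        for coded in (96, 255):
            years = expected_years(ALPHABET, LENGTH, speed, coded)
            print(f"{label} octets/s, count {s2k_count(coded):>8}: "
                  f"{years:.2e} years on average")
```

The S2K count is the one parameter here that the key owner controls besides the passphrase itself: raising it divides the attacker's guess rate by the same factor.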
