No, he cannot use the private key without the passphrase. On the other
hand, it really depends. If the passphrase is long and does not resemble
anything easy to guess ("X@#Ep8ONeHyZ7a" for example), whoever stole the
private key ring will probably never be able to crack its passphrase.
But if the passphrase is based on common words found in a dictionary,
you can bet your a$$ it will be easy to crack. That's why it's very
important to set the right kind of passphrase in the beginning, one
that's hopefully alphanumeric, combined with symbols like &, %, @, and a
combination of UPPER CASE and lower case characters. Newer versions of
PGP (those with a GUI) will inform the user if the passphrase is a good
one or not (denoted by a progress bar; the longer the bar, the better the
passphrase since it's harder to crack).

There's also one more thing one can do if his private keys are stolen:
he could revoke his public keys, which are used to encrypt messages. By
revoking his public keys, he's making the private keys virtually
unusable. The revoked keys should be sent to one of the public
keyservers, such as the one at <http://pgp.mit.edu>. The sent revoked
public keys will be propagated to the other keyservers automatically in
an instant.

> Subject: PGP question
> From: [EMAIL PROTECTED]
> Date: Thu, 29 Mar 2001 22:38:05 -0500
> X-Message-Number: 20
>
> Here's a crypto question:
>
> PGP private keys are stored in a keyring file on the hard disk. If an
> intruder were able to steal the private key ring, can he use the
> private key without the passphrase? Is it significantly easier to
> brute-force the passphrase if one has the private key ring?
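
The contrast drawn in the reply between a random passphrase and a dictionary-based one can be put into numbers. The following Python example is added here for illustration; it is not part of the original message and is not the algorithm behind PGP's quality bar. The wordlist, the assumed dictionary size of 100,000 words, the 128-bit "full bar" scale and all function names are assumptions.

```python
import math
import string

# Constructed sample wordlist; a real check would load a large dictionary.
SAMPLE_WORDS = {"password", "sunshine", "dragon", "gold", "secret", "monkey"}
DICT_SIZE = 100_000  # assumption: size of a guesser's wordlist
CLASSES = [string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation + " "]
SUFFIX = string.digits + string.punctuation

def charset_size(passphrase):
    """Alphabet size implied by the character classes actually used."""
    size = sum(len(c) for c in CLASSES if any(ch in c for ch in passphrase))
    return max(size, 2)  # unknown characters: assume at least a binary choice

def split_words(text, words):
    """Return dictionary words that exactly tile text, or None if impossible."""
    if not text:
        return []
    for end in range(len(text), 0, -1):
        if text[:end] in words:
            rest = split_words(text[end:], words)
            if rest is not None:
                return [text[:end]] + rest
    return None

def estimate_bits(passphrase, words=SAMPLE_WORDS):
    """Heuristic estimate of guessing effort in bits (not PGP's algorithm)."""
    if not passphrase:
        return 0.0
    core = passphrase.lower().rstrip(SUFFIX)
    tiles = split_words(core, words) if core else None
    if tiles:
        # Dictionary-based: cost grows per word, not per character.
        bits = len(tiles) * math.log2(DICT_SIZE)
        bits += (len(passphrase) - len(core)) * math.log2(len(SUFFIX))
        bits += 1 if passphrase != passphrase.lower() else 0  # capitalised?
        return bits
    return len(passphrase) * math.log2(charset_size(passphrase))

def quality_bar(bits, width=20, full=128):
    """Render a progress bar like the one described above; full at 128 bits."""
    filled = min(width, int(bits / full * width))
    return "[" + "#" * filled + "." * (width - filled) + "]"

if __name__ == "__main__":
    for p in ["sunshine", "Sunshine1!", "goldsecret", "X@#Ep8ONeHyZ7a"]:
        b = estimate_bits(p)
        print(f"{p:16} {b:6.1f} bits {quality_bar(b)}")
```

The character-class figure only holds if the passphrase was chosen at random, so treat it as an upper bound.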