No, he cannot use the private key without the passphrase. On the other 
hand, it really depends. If the passphrase is long and does not resemble 
anything easy to guess ("X@#Ep8ONeHyZ7a" for example), whoever stole the 
private key ring will probably never be able to crack its passphrase. 
But if the passphrase is based on common words found in a dictionary, 
you can bet your a$$ it will be easy to crack. That's why it's very 
important to set the right kind of passphrase in the beginning, one 
that's hopefully alphanumeric, combined with symbols like &, %, @, and 
contains both UPPER CASE and lower case characters. Newer versions of 
PGP (those with GUI) will inform the user if the passphrase is a good one or 
not (denoted by a progress bar; the longer the bar, the better the 
passphrase since it's harder to crack).

There's also one more thing one can do if his private key is stolen: he 
could revoke his public key which is used to encrypt messages. By 
revoking his public key, he's making the private key, which is used to 
decrypt messages, virtually unusable. The revoked key should be sent to 
one of the public keyservers, such as the one at <http://pgp.mit.edu> or 
<http://certserver.pgp.com>. By doing this, the owner of stolen private 
keys ensures that everyone could see that the public key has been 
revoked, therefore it shouldn't be used.

FS


> Subject: PGP question
> From: [EMAIL PROTECTED]
> Date: Thu, 29 Mar 2001 22:38:05 -0500
> X-Message-Number: 20
>
> Here's a crypto question:
>
> PGP private keys are stored in a keyring file on the hard disk.  If an
> intruder were able to steal the private key ring, can he use the private
> key without the passphrase?  Is it significantly easier to brute-force
> the passphrase if one has the private key ring?
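
The difference the reply draws between a random passphrase and a dictionary-based one, as an added example that is not part of the original message and is not PGP's own quality-meter algorithm. The word list, dictionary size, guessing rate and the 80-bit "full bar" threshold are all assumptions chosen for illustration.

```python
import math
import string

# Constructed stand-in for a cracking dictionary (assumption, not a real list).
SAMPLE_WORDS = {"password", "secret", "dragon", "monkey", "letmein", "gold"}
DICTIONARY_SIZE = 100_000   # assumed size of a realistic word list
GUESSES_PER_SECOND = 1e6    # assumed offline guessing rate, not a measurement
AFFIX_CHARS = string.digits + string.punctuation


def charset_size(passphrase):
    """Alphabet size implied by the character classes actually used."""
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation, " ")
    return sum(len(cls) for cls in classes if any(c in cls for c in passphrase))


def estimate_bits(passphrase, words=SAMPLE_WORDS):
    """Rough upper bound on guessing effort, in bits."""
    size = charset_size(passphrase)
    brute = len(passphrase) * math.log2(size) if size else 0.0
    core = passphrase.lower().strip(AFFIX_CHARS)   # "Gold2001!" -> "gold"
    if core in words:
        # Word-based guess: pick the word, try a capitalised variant,
        # then enumerate the digits/symbols stuck on either end.
        affix = len(passphrase) - len(core)
        by_word = math.log2(DICTIONARY_SIZE) + 1 + affix * math.log2(len(AFFIX_CHARS))
        return min(brute, by_word)
    return brute


def meter(passphrase, width=20, full_bits=80):
    """Text progress bar: the longer the bar, the harder to crack."""
    filled = min(width, int(width * estimate_bits(passphrase) / full_bits))
    return "#" * filled + "-" * (width - filled)


def years_to_exhaust(passphrase):
    """Years to try the whole estimated space at the assumed rate."""
    return 2 ** estimate_bits(passphrase) / GUESSES_PER_SECOND / (365 * 24 * 3600)


if __name__ == "__main__":
    for p in ("password", "Gold2001!", "X@#Ep8ONeHyZ7a"):
        print(f"{p:16} {meter(p)} {estimate_bits(p):5.1f} bits")
```

The character-class arithmetic only bounds the effort from above; a passphrase built on a word scores far lower than its length and symbols suggest, which is the case the reply warns about.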
