Risk of someone else getting my secret key

How is someone getting hold of my secret key dangerous? If my password is strong enough they still won't be able to decrypt anything because they won't know the password. If it's like, 30 characters long and a random string of upper and lower case, numbers, and special characters then they won't be able to crack it. I realize it's better to keep it out of anyone's hands though, just curious as to what someone could do with it if they have it though.


Comments


[2 Points] yalldontknowjack:

BTC. If I have your private key I can regenerate your wallet, recreate a password and move your BTC. Doesn't matter how long your password is, because I will recreate the password to 123456 so I can remember.

PGP. Your password could be "password" and everyone could know, but without access to the private key, they couldn't begin to crack it.

If someone gets a hold of your BTC private keys it will be a bad day for you. You will be fine losing your PGP keys unless they know your password, or they can crack passwords. There is no reason you should give either to anyone and for any reason.


[1 Points] octomarvel:

To be definitive

=)


[1 Points] None:

How big is your PGP secret key?

Anyway, yeah symmetric key encryption with a good password is far more secure than RSA (default pgp) encryption.

To check quality of your password open keepassx and type in your password in the new entry wizard. That's Entries>Add New Entry or Ctrl+Y.

You want at least 128 bits. Please no dictionary words! Other than that you can do what you want. Assuming no one knows what your password looks like "$$$$$$$$$$$$$$$$" is just as good as "£S$sd dkjfH09&a`".

Edit: Why? Well, RSA banks on the idea that we will never be good at factoring large numbers with a few prime factors. Symmetric key encryption assumes that jumbled up is jumbled up, we can chip away at symmetric key (so start with a big enough key and you have a safety buffer). You might wake up tomorrow and there may be an announcement that the RSA own a quantum computer that can run Shor's algorithm up to 4096 bits and all GPG encryption will be broken in a heartbeat.

In fact when you use public key encryption like RSA typically you encrypt a long symmetric key :) Like a DH key exchange in SSL.
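
An added example, not part of any post in this thread: a passphrase-protected key file is the secret key encrypted under a key derived from the passphrase, so whoever holds the file can check guesses offline with no rate limit, and the passphrase's entropy is the only barrier left. The wrapping scheme (PBKDF2 with XOR and HMAC), the iteration count, all names and the sample passphrases are constructed for illustration and are not GnuPG's key format.

```python
import hashlib
import hmac
import math
import secrets
import string
from typing import Optional

ITERATIONS = 20_000  # assumed KDF cost, chosen only for this example
ALPHABET = string.ascii_letters + string.digits + string.punctuation  # 94 symbols
COMMON = ["password", "123456", "letmein"]  # constructed stand-in for a wordlist


def _derive(passphrase: str, salt: bytes):
    # One PBKDF2-HMAC-SHA512 call yields 64 bytes: 32 to encrypt, 32 to authenticate.
    okm = hashlib.pbkdf2_hmac("sha512", passphrase.encode(), salt, ITERATIONS)
    return okm[:32], okm[32:]


def protect(secret_key: bytes, passphrase: str) -> dict:
    """Toy key file: random salt, XOR-encrypted 32-byte key, HMAC tag."""
    assert len(secret_key) == 32
    salt = secrets.token_bytes(16)
    enc_key, mac_key = _derive(passphrase, salt)
    ct = bytes(a ^ b for a, b in zip(secret_key, enc_key))
    tag = hmac.new(mac_key, salt + ct, hashlib.sha256).digest()
    return {"salt": salt, "ct": ct, "tag": tag}


def try_unlock(blob: dict, guess: str) -> Optional[bytes]:
    """Return the secret key if the guess is right, else None. Needs only the file."""
    enc_key, mac_key = _derive(guess, blob["salt"])
    expected = hmac.new(mac_key, blob["salt"] + blob["ct"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, blob["tag"]):
        return None
    return bytes(a ^ b for a, b in zip(blob["ct"], enc_key))


def first_match(blob: dict, candidates: list) -> Optional[str]:
    """Check candidate passphrases against the file alone; nothing throttles this."""
    return next((c for c in candidates if try_unlock(blob, c) is not None), None)


def entropy_bits(length: int, alphabet: str) -> float:
    """Entropy of a passphrase drawn uniformly at random from the alphabet."""
    return length * math.log2(len(set(alphabet)))


if __name__ == "__main__":
    key = secrets.token_bytes(32)
    strong = "".join(secrets.choice(ALPHABET) for _ in range(30))
    print("weak passphrase recovered:", first_match(protect(key, "letmein"), COMMON))
    print("random 30-char recovered:", first_match(protect(key, strong), COMMON))
    print("random 30-char entropy: %.1f bits" % entropy_bits(30, ALPHABET))
```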