Hi!

Ramon Loureiro wrote:
> Is it possible for these users to hack my secret key?
> If they have got it, can they use some kind of brute force system to guess my pass phrase?

Yes. If they can read your private keyring, they can start to brute-force your passphrase. You should make sure that 1) they cannot read the private key - separate user accounts with limited privileges are the key here and 2) your passphrase is secure enough to frustrate anybody trying to crack it. However, be aware that those other users might also be able to exploit security holes in the system in order to install keyloggers or similar, eliminating the protection that your passphrase offers.

> What will be the best option in this scenario?
> Having the secret key on my USB drive?

Having the key on a USB drive is probably secure enough if you do not take into account malicious software on the system you want to use it on. If you must assume that there could be keyloggers/etc. installed on the system (by other users or remote attackers), your best bet is probably the OpenPGP smartcard, which will keep your key safe.

NB that there are some "probably"s in my answer -- it all really depends on your threat model (i.e. how far are people willing to go to grab hold of your private key). It also depends on how you want to balance usability and security against each other. In many cases, having the key in one's home directory unreadable by others could be good enough already. In other cases, even having a smartcard-reader with autonomous PIN-pad won't be secure.

HTH, Sven

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
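
Added example, not part of the original message: a shell check for point 1) above, reporting secret-key material in a GnuPG home directory that other local accounts could read. The function name `audit_gnupg_home` is hypothetical; the example assumes the default file names `secring.gpg` (GnuPG 1.x/2.0) and `private-keys-v1.d/` (GnuPG 2.1 and later).

```shell
#!/bin/sh
# Added example (not from the original post): flag GnuPG secret-key material
# whose mode grants anything to group or other.

# audit_gnupg_home DIR   (hypothetical helper name)
# Prints one "EXPOSED" line per finding.
# Returns 0 if nothing is exposed, 1 if something is, 2 if DIR is missing.
audit_gnupg_home() {
    home=$1
    if [ ! -d "$home" ]; then
        echo "no such directory: $home" >&2
        return 2
    fi
    findings=0

    # Check the home directory itself, the old-style secret keyring, and the
    # per-key files used by newer GnuPG releases. An unmatched glob stays a
    # literal pattern and is skipped by the -e test below.
    for f in "$home" \
             "$home/secring.gpg" \
             "$home/private-keys-v1.d" \
             "$home"/private-keys-v1.d/*; do
        [ -e "$f" ] || continue

        # Characters 5-10 of the ls mode string are the group and other bits,
        # e.g. "-rw-------" -> "------". Anything else means another account
        # has some access to the path.
        bits=$(ls -ld -- "$f" | cut -c5-10)
        if [ "$bits" != "------" ]; then
            echo "EXPOSED $f (group/other bits: $bits)"
            findings=$((findings + 1))
        fi
    done

    [ "$findings" -eq 0 ]
}
```

Call it as `audit_gnupg_home "${GNUPGHOME:-$HOME/.gnupg}"`. It only inspects permission bits, so it says nothing about the keylogger case discussed above.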
