On 3/5/12 12:12 PM, auto15963...@hushmail.com wrote: > I am 99.9% sure no one has gotten access to my machine or my keys.
Whenever anyone ascribes 99.9% certainty to a belief, my knee-jerk reaction is to think the only 99.9% certainty is they've got the wrong confidence interval. :) There are really only a few possibilities here: 1. User error. You did it yourself by accident and didn't realize it. 2. Someone has access to your private key and passphrase and revoked your user ID. 3. GnuPG has a critical, showstopper bug. 4. The algorithm you used has a critical cryptographic flaw that someone exploited. I can't tell you how likely #1 or #2 are, but #s 3 and 4 both seem like fairly low-probability events. I would begin by checking to see if either #1 or #2 are in fact the case. If you want me to believe #3 or #4 are the case, you're first going to have to convince me it could not have been #1 or #2. I'll let other people answer the question of what data can be pulled out of a revocation signature: this is a part of the spec I'm not entirely up on. It's possible someone's got some way to do interesting forensics on revocations that I don't know about. :) _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users