On Mon, 22 Mar 2021 17:32:14 -0500, Jacob Bachmeyer via Gnupg-users <gnupg-users@gnupg.org> wrote:
> The difference is that you *know* an unencrypted key is lying around at
> risk of compromise, and you knowingly chose to take that risk when you
> chose to store the key unencrypted.

Pardon my non-gpg-familiarity, but isn't a "weak key" completely different from a (maybe) divulged key?

AFAIK a weak key is a key that, when used, produces a result which is easier to break than what the cipher promises. In other words, this would be something specific to this very key, to the value of its components being poorly chosen, and in no way related to how it was stored/obfuscated itself.

IOW, isn't this specific key one of the identified Blowfish weak key classes?
https://en.wikipedia.org/wiki/Blowfish_(cipher)#Weakness_and_successors
Also:
https://en.wikipedia.org/wiki/Weak_key

Meaning not only this key, but anything it signed and/or was encrypted for (I did not check which one is affected), may be considered compromised?

--
Vincent Pelletier
GPG fingerprint 983A E8B7 3B91 1598 7A92 3845 CAC9 3691 4257 B0C1