Date:	Sat, 18 Oct 2014 10:27:31 -0400 (EDT)
From:	Paolo Bonzini <>
To:	Linus Torvalds <>,
	Gleb Natapov <>,
	Christoffer Dall <>,
	Christian Borntraeger <>,
	Cornelia Huck <>,
	Marc Zyngier <>,
	Alexander Graf <>,
	Avi Kivity <>,, Laszlo Ersek <>
Cc:	KVM list <>,
	Linux Kernel Mailing List <>,
Subject: new GPG key

My backpack was stolen in Dusseldorf airport. I have started changing
passwords, and will also revoke my current GPG key soon. If you have
signed my previous key, or if you have an account on, please
contact me so that I can have my new key signed soon.

Advice to people that use GPG routinely... If you are not doing it yet,
do the following, in increasing order of importance:

0) do not forget that you need a way to create a revocation certificate
(of course I had no problem with this). Paper, isolated machine (my
choice), USB key, whatever, but do it.

1) never put any 2-factor authentication tokens (which includes
phones!) in your backpack. Luckily I had my token and passport on
myself. Everything would have been **extremely** more complicated if
I hadn't. It also makes two factor authentication much more effective,
since a laptop after all is one of the easiest things to steal.

2) in addition to the usual encryption subkey, create one for signing
and use that instead of the master key; 3) put the master key on a USB
key, and replace it with a stub. These two steps are very easy to do and
enough to avoid having to rebuild the whole trust chain. Unfortunately,
it was on my todo list for, ehm, next week.

4) No, putting the master key and revocation certificate on the same
USB key is not a good idea.

5) Get a smartcard or a Yubikey NEO and put the subkeys on it; replace
subkeys with stubs on your usual working machines, especially laptops. It
gives you two factor authentication for free, and can also be used for
SSH if you add a third subkey.

This tutorial covers most of the above steps:

Thanks for your understanding,

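A check for steps 2, 3 and 5 of the message above, as an added example that is not part of the original e-mail: it reads `gpg --list-secret-keys --with-colons` output and reports whether the master secret key is still on the machine, whether a separate signing subkey exists, and whether subkeys sit on disk rather than on a token. It assumes the colon-listing layout documented for current GnuPG 2.x; the function names, key IDs and card serial number are constructed for illustration.

```sh
#!/bin/sh
# Added example: audit `gpg --list-secret-keys --with-colons` output on stdin.
# Colon format: field 12 = capabilities; field 15 = "#" for a stub, a card
# serial number for a key on a token, empty or "+" for secret material on disk.
audit_keyring() {
    awk -F: '
        function location(f) {
            if (f == "#") return "stub"
            if (f == "" || f == "+") return "disk"
            return "token"
        }
        function finish() {
            if (master == "") return
            if (mloc == "disk") { print "FAIL " master " master secret key is on disk"; bad = 1 }
            if (!sign) { print "FAIL " master " no usable signing subkey"; bad = 1 }
            if (ondisk) print "WARN " master " " ondisk " subkey(s) on disk, not on a token"
            if (mloc != "disk" && sign) print "OK " master " master key offline, signing subkey present"
        }
        $1 == "sec" { finish(); master = $5; mloc = location($15); sign = 0; ondisk = 0 }
        $1 == "ssb" {
            # Revoked (r) or expired (e) subkeys do not count as usable.
            if ($12 ~ /s/ && $2 !~ /^[re]$/) sign = 1
            if (location($15) == "disk") ondisk++
        }
        END { finish(); exit bad + 0 }
    '
}

# Constructed listings (key IDs and card serial are made up).
sample_before() {   # master key and lone encryption subkey both on the laptop
cat <<'EOF'
sec:u:4096:1:1111111111111111:1413600000:::u:::scESC:::+:
ssb:u:4096:1:2222222222222222:1413600000::::::e:::+:
EOF
}
sample_after() {    # master replaced by a stub, subkeys moved to a token
cat <<'EOF'
sec:u:4096:1:1111111111111111:1413600000:::u:::scESC:::#:
ssb:u:4096:1:2222222222222222:1413600000::::::e:::D2760001240102000000000000010000:
ssb:u:4096:1:3333333333333333:1413600000::::::s:::D2760001240102000000000000010000:
EOF
}

echo "before:"; sample_before | audit_keyring || true
echo "after:";  sample_after  | audit_keyring
# Real use: gpg --list-secret-keys --with-colons | audit_keyring
```

The function exits non-zero when any key fails, so it can gate a login script or a periodic check on a laptop.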