Change s2k count?

David Shaw dshaw at JABBERWOCKY.COM
Thu Dec 3 16:58:02 CET 2009


On Dec 3, 2009, at 4:54 AM, Werner Koch wrote:

> I doubt that keeping highly confidential keys on a smartphone is a
> good idea at all.  On most devices (notable exception is the Neo
> Freerunner) you don't entirely control the device due to malware and
> the phone system operator's ability to gain access to it.

Not wise, I agree.  But people do keep all sorts of stuff on their phone.  I seem to recall that the Blackberry has an OpenPGP client that keeps keys locally (if someone knows one way or the other for sure, please jump in).

>> dropping.  If 65536 was the right value for 11 years ago, we
>> probably could do with a brief discussion on whether we should raise
>> it for today (and if so, how much).
> 
> I agree.  I heard that PGP measures the performance during key
> generation and selects the S2K count depending on that value.  Most
> people are using their keys on just one machine and thus it would fit
> their needs.  If they are switching to another hardware they can
> easily change the passphrase and thus use a new S2K count.

PGP calculates whatever count your computer can do in 1/10 of a second and uses that.  It seems like a reasonable solution to me.  If someone explicitly sets a --s2k-count, we'll use what they set.  If they don't, we can do the 1/10-second calculation.

David
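As an added illustration (not code from this thread, nor from GnuPG or PGP), the following Python sketch shows the mechanism David describes: the OpenPGP one-octet coded S2K count, the iterated-and-salted S2K it parameterizes, and a calibration loop that picks the largest coded count this machine can hash in 1/10 of a second. The floor at 0x60 (the 65536 mentioned above) and the 4096-byte probe size are assumptions of this example.

```python
import hashlib
import os
import time

# OpenPGP coded S2K count (RFC 4880, 3.7.1.3): one octet c expands to
# (16 + (c & 15)) << ((c >> 4) + 6); 0x60 decodes to the 65536 in the thread.
def decode_s2k_count(c: int) -> int:
    return (16 + (c & 15)) << ((c >> 4) + 6)

def encode_s2k_count(wanted: int) -> int:
    """Largest coded octet whose decoded count does not exceed `wanted`
    (decoded counts grow monotonically with c; the smallest is 1024 at c=0)."""
    best = 0
    for c in range(256):
        if decode_s2k_count(c) <= wanted:
            best = c
    return best

def iterated_salted_s2k(passphrase: bytes, salt: bytes, coded: int,
                        hash_name: str = "sha1") -> bytes:
    """Iterated+salted S2K: hash salt||passphrase repeated until `count`
    bytes have gone through the hash (at least one full salt||passphrase)."""
    block = salt + passphrase
    count = max(decode_s2k_count(coded), len(block))
    h = hashlib.new(hash_name)
    chunk = block * max(1, 4096 // len(block))   # feed the hash in big pieces
    remaining = count
    while remaining > 0:
        h.update(chunk[:remaining])
        remaining -= len(chunk)
    return h.digest()

def calibrate_s2k_count(budget_seconds: float = 0.1,
                        hash_name: str = "sha1") -> int:
    """Measure how many bytes this machine hashes in `budget_seconds`
    (PGP's 1/10-second rule) and return the largest coded count that fits.
    Assumption: never go below 0x60 (65536), the default under discussion."""
    probe = os.urandom(4096)   # constructed input; content is irrelevant
    h = hashlib.new(hash_name)
    hashed = 0
    start = time.perf_counter()
    while time.perf_counter() - start < budget_seconds:
        h.update(probe)
        hashed += len(probe)
    return max(0x60, encode_s2k_count(hashed))

if __name__ == "__main__":
    c = calibrate_s2k_count()
    print(f"coded count 0x{c:02X} -> {decode_s2k_count(c)} bytes hashed per S2K")
```

The calibrated value only reflects the machine it was measured on, which is the trade-off the thread points out: moving the key elsewhere means re-running the calibration and changing the passphrase to re-derive with the new count.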




More information about the Gnupg-devel mailing list