slow(&huge) password digest algorithm for GPG
Werner Koch
wk at gnupg.org
Mon Dec 13 08:40:12 CET 2004
On Sun, 12 Dec 2004 05:00:55 +0100, Bernhard Kuemel said:
> gpg needs a slow algorithm to digest the passphrase before it decrypts
> the secret key. If it takes 1 s then dictionary or brute force attacks
It does as required by OpenPGP. In fact you may even tune it to your
desire:

     --s2k-digest-algo name
                Use name as the digest algorithm used to mangle the
                passphrases. The default algorithm is SHA-1.

     --s2k-mode n
                Selects how passphrases are mangled. If n is 0 a
                plain passphrase (which is not recommended) will be
                used, a 1 adds a salt to the passphrase and a 3 (the
                default) iterates the whole process a couple of
                times. Unless --rfc1991 is used, this mode is also
                used for conventional encryption.

The iteration count is hardwired but easy to change
(g10/passphrase.c:1327)

Shalom-Salam,
Werner
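
The three --s2k-mode values quoted above, as an added example that is not part of the original message and not GnuPG's code: a Python sketch of the OpenPGP string-to-key function as specified in RFC 4880, section 3.7.1. The function names, the sample salt and the coded count 96 (65536 octets) are choices made for this example, not values read from g10/passphrase.c.

```python
import hashlib

def decode_count(c: int) -> int:
    """Expand the one-octet coded count (RFC 4880, 3.7.1.3) to an octet count."""
    return (16 + (c & 15)) << ((c >> 4) + 6)

def s2k(passphrase: bytes, keylen: int, mode: int = 3, salt: bytes = b"",
        coded_count: int = 96, digest: str = "sha1") -> bytes:
    """Derive keylen octets from a passphrase using S2K mode 0, 1 or 3."""
    if mode not in (0, 1, 3):
        raise ValueError("S2K mode must be 0, 1 or 3")
    if mode == 0:
        salt = b""                       # simple S2K: passphrase only
    elif len(salt) != 8:
        raise ValueError("modes 1 and 3 need an 8-octet salt")
    block = salt + passphrase
    key, preload = b"", 0
    while len(key) < keylen:
        h = hashlib.new(digest)
        h.update(b"\x00" * preload)      # n-th hash context starts with n zero octets
        if mode == 3:
            # Hash `count` octets of repeated salt+passphrase, at least one full copy.
            total = max(decode_count(coded_count), len(block))
            full, rest = divmod(total, len(block))
            for _ in range(full):
                h.update(block)
            h.update(block[:rest])
        else:
            h.update(block)
        key += h.digest()
        preload += 1
    return key[:keylen]

if __name__ == "__main__":
    salt = bytes.fromhex("0102030405060708")   # constructed sample salt
    for mode in (0, 1, 3):
        print(mode, s2k(b"correct horse", 16, mode=mode, salt=salt).hex())
    print("octets hashed per guess in mode 3:", decode_count(96))
```

The coded count is the only cost parameter in this scheme: it sets how many octets are fed to the digest per passphrase guess, so raising it slows each guess proportionally.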