Change s2k count?

David Shaw dshaw at JABBERWOCKY.COM
Thu Dec 3 16:58:02 CET 2009

On Dec 3, 2009, at 4:54 AM, Werner Koch wrote:

> I doubt that keeping highly confidential keys on a smartphone is a
> good idea at all.  On most devices (notable exception is the Neo
> Freerunner) you don't entirely control the device due to malware and
> the phone system operator's ability to gain access to it.

Not wise, I agree.  But people do keep all sorts of stuff on their phone.  I seem to recall that the Blackberry has an OpenPGP client that keeps keys locally (if someone knows one way or the other for sure, please jump in).

>> dropping.  If 65536 was the right value for 11 years ago, we
>> probably could do with a brief discussion on whether we should raise
>> it for today (and if so, how much).
> I agree.  I heard that PGP measures the performance during key
> generation and selects the S2K count depending on that value.  Most
> people are using their keys on just one machine and thus it would fit
> their needs.  If they are switching to another hardware they can
> easily change the passphrase and thus use a new S2K count.

PGP calculates whatever count your computer can do in 1/10 of a second and uses that.  It seems like a reasonable solution to me.  If someone explicitly sets a --s2k-count, we'll use what they set.  If they don't, we can do the 1/10-second calculation.


More information about the Gnupg-devel mailing list