Change s2k count?

Daniel Kahn Gillmor dkg at
Thu Dec 3 17:46:03 CET 2009

On 12/03/2009 10:58 AM, David Shaw wrote:
> PGP calculates whatever count your computer can do in 1/10 of 
> a second and uses that.  It seems like a reasonable solution to
> me.  If someone explicitly sets a --s2k-count, we'll use what
> they set.  If they don't, we can do the 1/10-second calculation.

I like the elegance of this solution, but couldn't this calculation be
confounded by other load on the processor?  For example, if i'm
generating a new key (or changing a passphrase) while also encoding
video, it would be a shame if gpg were to pick a too-low value.

I suppose i'm suggesting that it would be important to check times(2)
instead of gettimeofday(2) (on POSIX systems, anyway, i dunno about
win32), but also that it would be good to retain a lower-bound as a
sanity check (perhaps the current value could be a lower-bound unless
explicitly specified by the user).


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 891 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20091203/b0cb1491/attachment.pgp>

More information about the Gnupg-devel mailing list