Change s2k count?
David Shaw
dshaw at jabberwocky.com
Thu Dec 3 18:06:03 CET 2009
On Dec 3, 2009, at 11:46 AM, Daniel Kahn Gillmor wrote:
> On 12/03/2009 10:58 AM, David Shaw wrote:
>> PGP calculates whatever count your computer can do in 1/10 of
>> a second and uses that. It seems like a reasonable solution to
>> me. If someone explicitly sets a --s2k-count, we'll use what
>> they set. If they don't, we can do the 1/10-second calculation.
>
> I like the elegance of this solution, but couldn't this calculation be
> confounded by other load on the processor? For example, if i'm
> generating a new key (or changing a passphrase) while also encoding
> video, it would be a shame if gpg were to pick a too-low value.
>
> I suppose i'm suggesting that it would be important to check times(2)
> instead of gettimeofday(2) (on POSIX systems, anyway, i dunno about
> win32), but also that it would be good to retain a lower-bound as a
> sanity check (perhaps the current value could be a lower-bound unless
> explicitly specified by the user).
There will of course be a lower bound (probably should be larger than 65536, actually).
David
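
The calibration discussed in this message, sketched as an added example (not GnuPG's or PGP's code). Assumptions: SHA-1 as the S2K hash, Python's `time.process_time()` standing in for times(2) as the CPU-time clock, the 65536 figure from the thread as the floor, and the RFC 4880 one-octet coded count; all function names are hypothetical.

```python
import hashlib
import time

TARGET_SECONDS = 0.1   # the 1/10-second budget described in the thread
LOWER_BOUND = 65536    # assumed floor: the 65536 figure mentioned in the thread

def decode_count(c):
    # RFC 4880 section 3.7.1.3: one coded octet -> number of octets to hash
    return (16 + (c & 15)) << ((c >> 4) + 6)

def encode_count(n):
    # Smallest coded octet whose count is >= n; saturates at 255.
    return next((c for c in range(256) if decode_count(c) >= n), 255)

def clamp_count(estimate, floor=LOWER_BOUND):
    # Enforce the lower bound, then round up to a count the format can encode.
    return decode_count(encode_count(max(estimate, floor)))

def s2k_hash(passphrase, salt, count):
    # Iterated and salted S2K: SHA-1 (assumed) over the first `count` octets of
    # salt||passphrase repeated; at least one full copy is always hashed.
    unit = salt + passphrase
    count = max(count, len(unit))
    chunk = unit * 4096
    full, rest = divmod(count, len(chunk))
    h = hashlib.sha1()
    for _ in range(full):
        h.update(chunk)
    h.update(chunk[:rest])
    return h.digest()

def calibrate(target=TARGET_SECONDS, floor=LOWER_BOUND, clock=time.process_time):
    # process_time() counts CPU time used by this process only, so time spent
    # waiting behind other jobs (the video-encoding case) is not charged to it.
    probe, elapsed = floor, 0.0
    while True:
        start = clock()
        s2k_hash(b"constructed calibration passphrase", b"\x00" * 8, probe)
        elapsed = clock() - start
        if elapsed >= target / 4 or probe >= decode_count(255):
            break
        probe *= 2
    estimate = int(probe * target / elapsed) if elapsed > 0 else floor
    return clamp_count(estimate, floor)

if __name__ == "__main__":
    n = calibrate()
    print("count:", n, "coded octet:", encode_count(n))
```

Passing a wall-clock function as `clock` reproduces the concern raised in the quoted text: a busy machine inflates the elapsed time and pushes the estimate down until the floor takes over.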
More information about the Gnupg-devel mailing list