Change s2k count?

David Shaw dshaw at
Thu Dec 3 18:06:03 CET 2009

On Dec 3, 2009, at 11:46 AM, Daniel Kahn Gillmor wrote:

> On 12/03/2009 10:58 AM, David Shaw wrote:
>> PGP calculates whatever count your computer can do in 1/10 of 
>> a second and uses that.  It seems like a reasonable solution to
>> me.  If someone explicitly sets a --s2k-count, we'll use what
>> they set.  If they don't, we can do the 1/10-second calculation.
> I like the elegance of this solution, but couldn't this calculation be
> confounded by other load on the processor?  For example, if i'm
> generating a new key (or changing a passphrase) while also encoding
> video, it would be a shame if gpg were to pick a too-low value.
> I suppose i'm suggesting that it would be important to check times(2)
> instead of gettimeofday(2) (on POSIX systems, anyway, i dunno about
> win32), but also that it would be good to retain a lower-bound as a
> sanity check (perhaps the current value could be a lower-bound unless
> explicitly specified by the user).

There will of course be a lower bound (probably should be larger than 65536, actually).


More information about the Gnupg-devel mailing list