Change s2k count?

Robert J. Hansen rjh at
Thu Dec 3 22:26:01 CET 2009

Daniel Kahn Gillmor wrote:
> actually, i think getting as high a count as possible is a good goal,
> based on a few assumptions:

By the same reasoning, everyone should be using RSA-4096 for their keys.

>  0) we're talking about secret key material, which is to be
> symmetrically-encrypted with the user's passphrase.


>  1) such secret key material is very rarely legitimately transferred
> between machines.


>  2) a delay of 0.1 seconds between passphrase entry and access to the
> secret key is an acceptable delay in the case of legitimate use of the key.

Substitute in "a delay of 0.1 seconds for each encryption/decryption"
and this applies.

>  3) if the encrypted key is somehow transferred off the machine, we want
> it to be as expensive as possible to brute force the symmetric encryption.

Substitute in "we want it to be as expensive as possible to brute force
the encrypted message" and this applies.

... Of course, not everyone should be using RSA-4096.  2k keys are
appropriate for the overwhelming majority of users.  The point is not to
get the highest numbers possible.  The point is to satisfy the
conditions of the local security policy.

More information about the Gnupg-devel mailing list