Change s2k count?

Werner Koch wk at gnupg.org
Fri Dec 4 12:00:42 CET 2009


On Thu, 03 Dec 2009 10:54:32 +0100, Werner Koch wrote:

> For passphrase protected secret keys, passphrase caching helps to
> avoid delays.

That is of course a wrong statement.  Passphrase caching does not help
because the passphrase is cached and not the derived protection key.

In this light a 100ms delay is too long.  I sometimes get messages
with wildcard keyids.  Thus gpg needs to do a couple of trial
decryption and for say 5 available secret keys, this adds up to 500ms
- definitely too long for quickly browsing your mails.

With gpg-agent we could implement a different way of caching but first
we need to integrate gpg2 better with gpg-agent.


Salam-Shalom,

   Werner


-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.




More information about the Gnupg-devel mailing list