Change s2k count?

Werner Koch wk at gnupg.org
Mon Dec 14 20:20:18 CET 2009


Hi!

I just implemented the dynamic S2K count for gpg-agent protected keys;
i.e. for gpgsm.  Similar to gpg we used 65536 here.  The changes
are in the 2.0 branch and in the trunk.  The plan for gpg is to move
the secret keys to the gpg-agent key storage and thus they will
automatically take advantage of the new feature.  You may test it
using this command:

  $ ./gpg-protect-tool --s2k-calibration -vv
  gpg-protect-tool: S2K calibration: 65536 -> 0ms
  gpg-protect-tool: S2K calibration: 131072 -> 0ms
  gpg-protect-tool: S2K calibration: 262144 -> 0ms
  gpg-protect-tool: S2K calibration: 524288 -> 10ms
  gpg-protect-tool: S2K calibration: 1048576 -> 20ms
  gpg-protect-tool: S2K calibration: 2097152 -> 50ms
  gpg-protect-tool: S2K calibration: 4194304 -> 90ms
  gpg-protect-tool: S2K calibration: 8388608 -> 170ms
  gpg-protect-tool: S2K calibration: 4933632 iterations for 90ms
  
Note that this iteration count may not be mapped to the OpenPGP 1 byte
value.  The future secret-key export command requires entering the
passphrase anyway (we use a slightly different protection scheme) and
thus we can re-protect it for export.
 

Salam-Shalom,

   Werner

-- 
Thoughts are free.  Exceptions are regulated by a federal law.




More information about the Gnupg-devel mailing list
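
The remark above about the OpenPGP one-byte value, worked through as an added example (not part of the original message and not GnuPG code). It uses the coded-count formula from RFC 4880 section 3.7.1.3; the function names are hypothetical, and the two counts tested in main() are the ones quoted in the message.

```c
#include <stdint.h>
#include <stdio.h>

/* RFC 4880, 3.7.1.3: expand the one-octet coded count of an
   iterated+salted S2K specifier into the real count. */
static uint32_t s2k_decode(uint8_t c)
{
    return ((uint32_t)16 + (c & 15)) << ((c >> 4) + 6);
}

/* Return 1 and store the octet in *c if count is exactly representable,
   otherwise return 0 and leave *c untouched. */
static int s2k_encode_exact(uint32_t count, uint8_t *c)
{
    for (int i = 0; i < 256; i++)
        if (s2k_decode((uint8_t)i) == count) {
            *c = (uint8_t)i;
            return 1;
        }
    return 0;
}

/* Smallest octet whose decoded count is >= count, so that re-encoding
   never lowers the work factor.  Saturates at 255 (65011712). */
static uint8_t s2k_encode_ceil(uint32_t count)
{
    for (int i = 0; i < 256; i++)
        if (s2k_decode((uint8_t)i) >= count)
            return (uint8_t)i;
    return 255;
}

int main(void)
{
    /* Counts taken from the message: the old fixed value and the
       calibrated result from the sample run. */
    const uint32_t counts[] = { 65536, 4933632 };
    for (size_t i = 0; i < sizeof counts / sizeof counts[0]; i++) {
        uint8_t c = 0;
        if (s2k_encode_exact(counts[i], &c))
            printf("%u: exact, octet 0x%02X\n", (unsigned)counts[i], (unsigned)c);
        else {
            c = s2k_encode_ceil(counts[i]);
            printf("%u: not representable, next is 0x%02X = %u\n",
                   (unsigned)counts[i], (unsigned)c, (unsigned)s2k_decode(c));
        }
    }
    return 0;
}
```

The octet carries only a 4-bit mantissa and a 4-bit exponent, so a calibrated count generally falls between two encodable values.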