s2k-count limits

Matteo Sasso matteo.sasso at gmail.com
Thu May 6 14:43:37 CEST 2010

> I don't agree.  The main goal of the salted+iterated protection
> mechanism is to thwart dictionary+brute-force attacks on week
> passphrases.  It is a failstop mechanism and proper security design
> should never ever rely on this mechanism.

Thank you for your clarification.

So the s2k mechanism wasn't designed to compensate for a
medium-strength passphrase in symmetric encryption. If gpg implemented
something like TKS1 (used by LUKS), do you think it would make my use
case feasible without compromising security?

After all, gpg is one of the few tools to provide file encryption;
maybe it wasn't designed for this purpose, but now the net is full of
tutorials that show how to encrypt a file using gpg. This shows my use
case isn't uncommon.

More information about the Gnupg-devel mailing list