GPG --symmetric option and passphrases
dshaw at jabberwocky.com
Mon Oct 6 17:17:55 CEST 2008
On Oct 6, 2008, at 10:54 AM, Kevin Hilton wrote:
> When using gpg with the --symmetric flag (as when symmetrically
> encrypting a file with a passphrase), is the passphrase salted and
Yes. Unless you change that safe default with --s2k-mode.
> If so, how many times is it hashed, and what hashing
> algorithm is used for this process?
By default, it's 65536 iterations. The hash algorithm is SHA-1,
unless you change it with --s2k-digest-algo.
> Is this controlled by some
> parameter in the gpg.conf file or command line flag?
--s2k-count is what you're looking for:
    Specify how many times the passphrase mangling is
    This value may range between 1024 and 65011712
    the default is 65536. Note that not all values in the
    1024-65011712 range are legal and if an illegal
    selected, GnuPG will round up to the nearest legal
    option is only meaningful if --s2k-mode is 3.
As always, the defaults here are safe. Don't change them unless you
know what you're doing.
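
The following is an added example, not part of the original message and not GnuPG's code. It sketches the iterated and salted S2K of RFC 4880 section 3.7.1.3 (the --s2k-mode 3 case discussed above) and shows why only some --s2k-count values are legal: the count is stored as one coded octet, and the RFC defines it as the number of octets fed to the hash. Function names, the salt and the passphrase are constructed for illustration.

```python
import hashlib

def decode_count(coded: int) -> int:
    """RFC 4880 3.7.1.3: expand the one-octet coded count."""
    return (16 + (coded & 15)) << ((coded >> 4) + 6)

def encode_count(requested: int) -> int:
    """Smallest coded octet whose count is >= requested (rounds up)."""
    for coded in range(256):          # decode_count is monotonic in coded
        if decode_count(coded) >= requested:
            return coded
    return 255                        # clamp at the maximum, 65011712

def s2k_iterated_salted(passphrase: bytes, salt: bytes, coded: int,
                        key_len: int, hash_name: str = "sha1") -> bytes:
    """Derive key_len octets from passphrase with S2K type 3."""
    if len(salt) != 8:
        raise ValueError("OpenPGP S2K salt is 8 octets")
    data = salt + passphrase
    # salt+passphrase is always hashed at least once in full
    count = max(decode_count(coded), len(data))
    full, rest = divmod(count, len(data))
    key = b""
    context = 0
    while len(key) < key_len:
        h = hashlib.new(hash_name)
        # when one digest is too short, extra contexts are
        # preloaded with 1, 2, ... zero octets
        h.update(b"\x00" * context)
        for _ in range(full):
            h.update(data)
        h.update(data[:rest])
        key += h.digest()
        context += 1
    return key[:key_len]

if __name__ == "__main__":
    salt = bytes.fromhex("0102030405060708")   # constructed sample salt
    coded = encode_count(65536)                # the default count
    print(hex(coded), decode_count(coded))
    print(decode_count(encode_count(100000)))  # illegal value rounds up
    print(s2k_iterated_salted(b"sample passphrase", salt, coded, 16).hex())
```
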