GPG --symmetric option and passphrases

Kevin Hilton kevhilton at
Mon Oct 6 17:28:21 CEST 2008

>> On Mon, Oct 6, 2008 at 10:17 AM, David Shaw <dshaw at> wrote:
> On Oct 6, 2008, at 10:54 AM, Kevin Hilton wrote:
>> When using gpg with the --symmetric flag (as when symmetrically
>> encrypting a file with a passphrase), is the passphrase salted and
>> hashed?
> Yes.  Unless you change that safe default with --s2k-mode.
>>  Is so, how many times is it hashed, and what hashing
>> algorithm is used for this process?
> By default, it's 65536 iterations.  The hash algorithm is SHA-1, unless you
> change it with --s2k-digest-algo.
>>  Is this controlled by some
>> parameter in the gpg.conf file or command line flag?
> --s2k-count is what you're looking for:
>       --s2k-count n
>              Specify how many times  the  passphrase  mangling  is
>  repeated.
>              This  value  may  range between 1024 and 65011712 inclusive,
> and
>              the  default  is  65536.   Note  that  not  all  values  in
>  the
>              1024-65011712  range  are  legal  and  if  an  illegal  value
> is
>              selected, GnuPG will round up to the nearest legal value.
> This
>              option is only meaningful if --s2k-mode is 3.
> As always, the defaults here are safe.  Don't change them unless you know
> what you're doing.
> David

Thanks -- very clear explanations.  How long can the passphrase be?  I
assume it would be truncated at a particular length.  For example if I
passes a Whirlpool Hash as the passphrase, would the entire 128-digit
hexadecimal hash be used as the passphrase or would this be rounded?

Kevin Hilton

More information about the Gnupg-users mailing list