GnuPG private key resilience against off-line brute-force attacks (was: Re: Backup of private key)

M.B.Jr. marcio.barbado at
Sat Nov 28 21:07:36 CET 2009


On Sat, Nov 28, 2009 at 1:47 PM, David Shaw <dshaw at> wrote:
>>   The question is: what does GnuPG or OpenSSH do to slow down
>> password brute-force? I mean does the password derivation function use
>> some iterations? If so how many? Can I configure them? I guess so but
>> I couldn't find any data on the net on a quick search. (Any references
>> are appreciated.)
> GnuPG (really OpenPGP) does iterated password hashing.  See section 3.7.13
> "Iterated and Salted S2K" of RFC-4880 for the fine details, but the gist is
> as you surmised - the passphrase is run through many hash iterations.  This
> slows down passphrase guessers as they must also repeat the hashing part the
> same number of times.  By default, GnuPG uses 65536 iterations of the
> pasphrase hash, but can be configured via the --s2k-count option to be as
> high as 65011712 iterations.

Considering a password/passphrase, which has -- by default, its
65536th hash iteration result, locally stored for comparison.

If I adjust (via --s2k-count) my GnuPG's iterations number, will it
generate and store a new sum value for my actual passphase? Or for
this passphrase specifically, it will continue working with the number
of iterations used by the time the passphrase was created?


Marcio Barbado, Jr.

More information about the Gnupg-users mailing list