GnuPG private key resilience against off-line brute-force attacks (was: Re: Backup of private key)
David Shaw
dshaw at jabberwocky.com
Sat Nov 28 22:28:34 CET 2009
On Nov 28, 2009, at 3:07 PM, M.B.Jr. wrote:
> Hi,
>
>
> On Sat, Nov 28, 2009 at 1:47 PM, David Shaw <dshaw at jabberwocky.com>
> wrote:
>>> The question is: what does GnuPG or OpenSSH do to slow down
>>> password brute-force? I mean does the password derivation function
>>> use
>>> some iterations? If so how many? Can I configure them? I guess so
>>> but
>>> I couldn't find any data on the net on a quick search. (Any
>>> references
>>> are appreciated.)
>>
>> GnuPG (really OpenPGP) does iterated password hashing. See section
>> 3.7.13
>> "Iterated and Salted S2K" of RFC-4880 for the fine details, but the
>> gist is
>> as you surmised - the passphrase is run through many hash
>> iterations. This
>> slows down passphrase guessers as they must also repeat the hashing
>> part the
>> same number of times. By default, GnuPG uses 65536 iterations of the
>> pasphrase hash, but can be configured via the --s2k-count option to
>> be as
>> high as 65011712 iterations.
>
>
> Considering a password/passphrase, which has -- by default, its
> 65536th hash iteration result, locally stored for comparison.
>
> If I adjust (via --s2k-count) my GnuPG's iterations number, will it
> generate and store a new sum value for my actual passphase? Or for
> this passphrase specifically, it will continue working with the number
> of iterations used by the time the passphrase was created?
The s2k-count is only used when creating the passphrase for the first
time (and that applies to both creating a new secret key as well as
encrypting something with a passphrase via --symmetric). If you want
to change the s2k-count of an existing secret key, you need to set the
new s2k-count and then change the passphrase. You can "change" it to
the same passphrase if you like - it's the creation of a new
passphrase-to-key that picks up the new s2k-count.
David
More information about the Gnupg-users
mailing list