Change key prefs; few questions

Chris Poole lists at
Sun Jul 3 18:15:07 CEST 2011

On Sun, Jul 3, 2011 at 4:45 PM, David Shaw <dshaw at> wrote:
> There are some obscure edge cases where you must have a 3DES or AES encrypted
> private key, but for the overwhelming majority of people, no, there is no
> reason to do this.  The default (CAST5) is quite strong (which the original
> poster acknowledged).  It's just helpful to know what the "knobs" are to
> understand how something as complex as OpenPGP is put together.

Exactly, it's just good to know. I won't bother changing the cipher or count,
but this leaves me with one final question:

In a few years, assuming GPUs are faster than ever, Moore's law is still on
track, and all that; should I change the number of iterations with --s2k-count?
The default 65536 is probably fine for now, but it'll certainly end up being too
slow. gpg won't do this for me, or counteract this in another way?



More information about the Gnupg-users mailing list