Check that s2k-count has changed
David Shaw
dshaw at jabberwocky.com
Fri Jul 8 18:31:10 CEST 2011
On Jul 8, 2011, at 10:10 AM, Chris Poole wrote:
> When changing my secret key's passphrase, I bumped up the s2k-count to
> 6553600 (I just added two zeros; I don't notice any slow down when
> decrypting on a Core2Duo).
>
> How can I confirm that this count is being used?
>
> I ran gpg --list-packets ~/.gnupg/secring.gpg, which told me a number
> for "protect count" (in the secret key packet section). Does this map
> to the number I gave on the command line when changing my passphrase?
Yes. Note that the list-packets output shows the internal packed value: 6553600 should come out to 201. The default of 65536 would encode to 96.
You might file an enhancement bug to print the decoded value in --list-packets. We already print it for symmetric encryption, and it's reasonable to print it for secret keys as well.
David
More information about the Gnupg-users
mailing list