Theoretical and maybe stupid questions about security

David Shaw dshaw at
Wed Nov 20 21:37:53 CET 2013

On Nov 20, 2013, at 1:21 PM, Josef G. Bauer <Josef.Bauer at> wrote:

> Hi,
> I wonder how easily my private key(s) ('secgring.gpg') can be cracked
> once somebody get access to it.

Not at all easily, *if* you have a good passphrase on your private key(s).

> Q: Is the password stored as an hash and can it be cracked using Rainbow
> Tables? Is it maybe salted?

In OpenPGP, a S2K (string-to-key) algorithm is used, where the passphrase entered by the user is hashed multiple times (with added salt) to transform it into the key used to decrypt the secret key.


More information about the Gnupg-users mailing list