{gnupg 2.1.6} Howto change s2k cipher from AES -> AES256?

Peter Lebbing peter at digitalbrains.com
Wed Aug 5 15:45:52 CEST 2015

On 05/08/15 15:02, thomas wrote:
> My question is, why securing the private key's with sha1?

Your question begs an interesting, though pretty academical question: what would
be even more difficult to crack: SHA-512 with an s2k-count equalling 1 second on
a modern Intel PC, or SHA-1 with an s2k-count equalling 1 second on that same PC?

Because you can clearly do many more SHA-1 rounds in one second, improving its
robustness against cracking.

It depends on so many factors. For instance: What is the speedup of a massive
FPGA-based implementation relative to that PC for both cases?

I wouldn't dare to say whether SHA-1 or SHA-512 would be the "better" option. I
do dare to say that it probably doesn't actually matter, since completely
utterly unbreakable is just as unbreakable as regular unbreakable. More
importantly, the key stretching does not appear to be the weakest component of
private key encryption either (that would usually be the passphrase itself).

Why do you think a configuration option for the key stretching hash algorithm
would be useful?


I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>

More information about the Gnupg-users mailing list