Talking about Cryptodevices... which one?

NIIBE Yutaka gniibe at
Fri Jan 30 01:26:13 CET 2015

On 2015-01-30 10:46 +0900, NIIBE Yutaka wrote:
> specification (and with SHA256).  It's default s2kcount is 192 as the
> MCU is slow enough, but you can configure it at compile time (like
> 65535 for host PC, or more).

On 01/30/2015 04:39 AM, NdK wrote:
> Uh, I think this exposes a weakness: if the attacker "somehow" accesses
> the EEPROM and reads encrypted key material, a low s2k count means he
> can recover plain key material quite faster than with more iterations.

You know (unconsciously, perhaps) and wrote "EEPROM", while it's Flash
ROM for Gnuk on FST-01.

192 is low.  That's somehow intentional artifact by me, so that people
can catch it to consider.  In our culture, it's not deliberately mean,
but a kind of communication tool.

Should we have configure time option for that, so that a person won't
need to edit manually?  Let's discuss on the gnuk-users mailing list.

For the data on some EEPROM, weaker key derivation function is on
active service, or even there is no key derivation function, I

More information about the Gnupg-users mailing list