On Nov 28, 2009, at 11:55 AM, Ciprian Dorin, Craciun wrote:

   Thank you for the quick reply. (This is the kind of answer I was
hoping to get. :) ) It seems that `s2k-count` escaped me. :)

   Maybe there should be an entry in the FAQ about this topic.

   Related to my question about the password bit strength, there is
still a veil over my eyes. So I guess (sorry for not being properly
documented here):
   * the private / public key pair is generated by using whatever
means (RSA / DSA);
   * my password is taken and fed into "Iterated and Salted S2K" to
obtain the secret key encryption.
   * the private key data is taken and fed into '????' algorithm that
uses as password what has been obtained at the previous step.

The "????" is CAST5, by default. You can change it with --s2k-cipher-algo. The usual s2k rules apply - if you change the s2k-cipher-algo, it won't take effect until you change the passphrase. Also, be careful you don't shoot yourself in the foot with setting the algorithm to something you can't handle. This is less of a danger than with most algorithm changing tweaks: you only have to guarantee that *you* (and not all of your correspondents) have the ability to handle the key.

So if you want your passphrase to be as strong as CAST5, you'd need a really massive passphrase. The passphrase is almost always the weakest part of this sort of system, by far.

   P.S.: I'm also aware of the fact that iterations do not help at
all if a big-budget agency (NSA and the like) is going to build a
hardware-based brute-force key breaker, as they can build a pipeline
of iteration functions that would try one key in O(1) time. :) (Or am I
wrong here?)

They're more likely to hit you with a wrench, a la http://xkcd.com/538/ :)

David
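As an added example (not part of the thread), the "Iterated and Salted S2K" step Ciprian describes, implemented from RFC 4880 section 3.7.1.3 with Python's hashlib so the effect of the coded s2k-count octet can be inspected. The passphrase and salt below are constructed sample values; the 128-bit output length matches a CAST5 key, and coded count 96 is the octet that decodes to 65536 hashed bytes.

```python
import hashlib

CHUNK_REPS = 4096  # how many salt||passphrase copies to feed the hash at once


def decode_s2k_count(coded: int) -> int:
    """Expand the one-octet coded count (RFC 4880 3.7.1.3) to the number of
    octets that will be hashed: (16 + low nibble) << (high nibble + 6)."""
    if not 0 <= coded <= 255:
        raise ValueError("coded count must fit in one octet")
    return (16 + (coded & 15)) << ((coded >> 4) + 6)


def iterated_salted_s2k(passphrase: bytes, salt: bytes, coded_count: int,
                        key_len: int, hash_name: str = "sha1") -> bytes:
    """Derive key_len bytes of symmetric key from a passphrase the way the
    OpenPGP Iterated and Salted S2K specifier does.

    salt || passphrase is hashed repeatedly until `count` octets have gone
    through the hash (or once, if that block is already longer than count).
    When the key is longer than one digest, further hash contexts are
    preloaded with 1, 2, ... zero octets and their digests are concatenated.
    """
    if len(salt) != 8:
        raise ValueError("OpenPGP S2K salt is exactly 8 octets")
    block = salt + passphrase
    count = max(decode_s2k_count(coded_count), len(block))
    key = b""
    context = 0
    while len(key) < key_len:
        h = hashlib.new(hash_name)
        h.update(b"\x00" * context)  # preload for 2nd, 3rd, ... contexts
        full, partial = divmod(count, len(block))
        while full > 0:  # feed whole copies in bounded chunks
            reps = min(full, CHUNK_REPS)
            h.update(block * reps)
            full -= reps
        h.update(block[:partial])  # trailing partial copy completes the count
        key += h.digest()
        context += 1
    return key[:key_len]


# Constructed sample inputs (not real key material).
SAMPLE_PASSPHRASE = b"correct horse battery staple"
SAMPLE_SALT = bytes.fromhex("0123456789abcdef")


def cast5_key_for(coded_count: int) -> bytes:
    """128-bit key as used to wrap a CAST5-protected secret key packet."""
    return iterated_salted_s2k(SAMPLE_PASSPHRASE, SAMPLE_SALT, coded_count, 16)
```

Raising the coded count from 96 to 255 makes every guess cost about a thousand times more hashing, but as the reply notes it does nothing to widen the passphrase space itself.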


_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
