On Oct 6, 2008, at 10:54 AM, Kevin Hilton wrote:

> When using gpg with the --symmetric flag (as when symmetrically
> encrypting a file with a passphrase), is the passphrase salted and
> hashed?

Yes.  Unless you change that safe default with --s2k-mode.

> If so, how many times is it hashed, and what hashing
> algorithm is used for this process?

By default, it's 65536 iterations. The hash algorithm is SHA-1, unless you change it with --s2k-digest-algo.

> Is this controlled by some
> parameter in the gpg.conf file or command line flag?

--s2k-count is what you're looking for:

       --s2k-count n
              Specify how many times the passphrase mangling is
              repeated. This value may range between 1024 and
              65011712 inclusive, and the default is 65536. Note
              that not all values in the 1024-65011712 range are
              legal and if an illegal value is selected, GnuPG will
              round up to the nearest legal value. This option is
              only meaningful if --s2k-mode is 3.

As always, the defaults here are safe. Don't change them unless you know what you're doing.

David
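
An added example, not part of the original message and not GnuPG's own code: the OpenPGP (RFC 4880) iterated and salted S2K that --s2k-mode 3 selects, written in Python to show why only some --s2k-count values are legal and how a request is rounded up. The function names, the sample salt and passphrase, and the 16-byte key length are assumptions chosen for illustration.

```python
import hashlib

def decode_count(coded: int) -> int:
    """Expand the one-octet coded count (RFC 4880, section 3.7.1.3)."""
    return (16 + (coded & 15)) << ((coded >> 4) + 6)

def encode_count(requested: int) -> int:
    """Smallest coded octet whose decoded count is >= requested (rounds up)."""
    for coded in range(256):
        if decode_count(coded) >= requested:
            return coded
    return 255  # anything above the maximum is clamped to it

def s2k_iterated_salted(passphrase, salt, coded, keylen, digest="sha1"):
    """Derive keylen bytes from passphrase with the iterated and salted S2K."""
    if len(salt) != 8:
        raise ValueError("OpenPGP S2K salt is exactly 8 octets")
    data = salt + passphrase
    # The count is the number of octets hashed, not the number of hash calls;
    # salt+passphrase is always hashed at least once in full.
    count = max(decode_count(coded), len(data))
    full, rem = divmod(count, len(data))
    key = b""
    preload = 0
    while len(key) < keylen:
        h = hashlib.new(digest)
        h.update(b"\x00" * preload)  # extra contexts are preloaded with zeros
        for _ in range(full):
            h.update(data)
        h.update(data[:rem])
        key += h.digest()
        preload += 1
    return key[:keylen]

if __name__ == "__main__":
    for n in (1, 65536, 65537, 100000, 65011712):
        c = encode_count(n)
        print(f"requested {n:>9} -> coded 0x{c:02x} -> effective {decode_count(c)}")
    salt = bytes.fromhex("0102030405060708")  # constructed sample salt
    print(s2k_iterated_salted(b"correct horse", salt, encode_count(65536), 16).hex())
```

Because the count is stored in a single octet, only 256 values exist between 1024 and 65011712, which is why a request such as 65537 becomes 69632.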
