>> On Mon, Oct 6, 2008 at 10:17 AM, David Shaw <[EMAIL PROTECTED]> wrote: > On Oct 6, 2008, at 10:54 AM, Kevin Hilton wrote: > >> When using gpg with the --symmetric flag (as when symmetrically >> encrypting a file with a passphrase), is the passphrase salted and >> hashed? > > Yes. Unless you change that safe default with --s2k-mode. > >> Is so, how many times is it hashed, and what hashing >> algorithm is used for this process? > > By default, it's 65536 iterations. The hash algorithm is SHA-1, unless you > change it with --s2k-digest-algo. > >> Is this controlled by some >> parameter in the gpg.conf file or command line flag? > > --s2k-count is what you're looking for: > > --s2k-count n > Specify how many times the passphrase mangling is > repeated. > This value may range between 1024 and 65011712 inclusive, > and > the default is 65536. Note that not all values in > the > 1024-65011712 range are legal and if an illegal value > is > selected, GnuPG will round up to the nearest legal value. > This > option is only meaningful if --s2k-mode is 3. > > As always, the defaults here are safe. Don't change them unless you know > what you're doing. > > David >
Thanks -- very clear explanations. How long can the passphrase be? I assume it would be truncated at a particular length. For example if I passes a Whirlpool Hash as the passphrase, would the entire 128-digit hexadecimal hash be used as the passphrase or would this be rounded? -- Kevin Hilton _______________________________________________ Gnupg-users mailing list [email protected] http://lists.gnupg.org/mailman/listinfo/gnupg-users
