Date: Sun, 12 Apr 2015 18:41:35 +0300
From: Solar Designer <solar@...nwall.com>
To: john-dev@...ts.openwall.com
Subject: Re: gpg and gpg-opencl benchmarks

On Sun, Apr 12, 2015 at 05:21:36PM +0200, Frank Dittrich wrote:
> On 04/12/2015 02:41 PM, Frank Dittrich wrote:
> > man gpg says for --s2k-count:
> > 
> > 
> >        --s2k-count n
> >               Specify how many  times  the  passphrase  mangling  is
> >               repeated.   This  value  may  range  between  1024 and
> >               65011712 inclusive.  The default is inquired from gpg-
> >               agent.   Note that not all values in the 1024-65011712
> >               range are legal and if an illegal value  is  selected,
> >               GnuPG  will round up to the nearest legal value.  This
> >               option is only meaningful if --s2k-mode is 3.
> > 
> > 
> > But looking at the real code, I think the description is misleading, and
> > your observation that this count represents the number of bytes
> > processed through the specific hash algorithm is correct.
> 
> With bleeding-jumbo commit 24bc0b53dec316613551b1da078a060cb4ae091b, I
> renamed the first tunable cost from "iteration count" to "s2k-count".
> The name isn't perfect, but at least googling for "s2k-count" provides
> helpful results.

Thank you!  I've just confirmed our current understanding here:

https://tools.ietf.org/html/rfc4880#section-3.7.1.3

"  [...] The total number of octets to be hashed is specified in the
   encoded count in the S2K specifier.  Note that the resulting count
   value is an octet count of how many octets will be hashed, not an
   iteration count."

I think GnuPG documentation is wrong, and should be revised.  Both
texinfo and man.  Would you care to report this to GnuPG, perhaps along
with a documentation patch?

Alexander
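
The RFC 4880 section 3.7.1.3 behaviour quoted above, as an added example that is not part of the original message or of John the Ripper or GnuPG code: it decodes the one-octet coded count into an octet count and runs iterated and salted S2K so that exactly that many octets are hashed. The function names and the sample passphrase lengths are constructed for illustration.

```python
import hashlib

def decode_count(c):
    """Expand the one-octet coded count (RFC 4880, 3.7.1.3) to an octet count."""
    return (16 + (c & 15)) << ((c >> 4) + 6)

def encode_count(n):
    """Smallest coded count that decodes to >= n (the round-up the man page mentions)."""
    for c in range(256):
        if decode_count(c) >= n:
            return c
    raise ValueError("octet count above 65011712 cannot be encoded")

def s2k_iterated_salted(passphrase, salt, coded_count, key_len=16, hash_name="sha1"):
    """Iterated and salted S2K (mode 3): derive key_len octets of key material."""
    if len(salt) != 8:
        raise ValueError("S2K salt is 8 octets")
    data = salt + passphrase
    # The count is octets fed to the hash, but salt+passphrase is always hashed whole once.
    count = max(decode_count(coded_count), len(data))
    full, rest = divmod(count, len(data))
    key, preload = b"", 0
    while len(key) < key_len:
        h = hashlib.new(hash_name)
        h.update(b"\x00" * preload)      # n-th extra context is preloaded with n zero octets
        for _ in range(full):
            h.update(data)
        h.update(data[:rest])            # final partial copy so exactly `count` octets are hashed
        key += h.digest()
        preload += 1
    return key[:key_len]

def passes_over_input(passphrase_len, coded_count):
    """How many times salt+passphrase is actually repeated; depends on passphrase length."""
    return decode_count(coded_count) / (8 + passphrase_len)

if __name__ == "__main__":
    print(decode_count(0), decode_count(255))          # the man page's range
    for n in (8, 24, 56):                              # constructed passphrase lengths
        print(n, passes_over_input(n, 96))
```

The two ends of the coded range decode to the 1024 and 65011712 limits in the man page text, and the number of passes over salt plus passphrase falls as the passphrase gets longer, which is why the value is not an iteration count.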
