[pass] Feature requests: scrypt key derivation / salts

Jonas Wagner j.b.w at gmx.ch
Sat Dec 28 09:36:06 CET 2013


Hi again,

>
> This makes sense. Probably the functionality could be (or is) built into
> GPG? I read in the documentation that there are several "string-to-key"
> functions for converting passphrases to encryption keys. There is an
> iterated variant, but I don't know whether it is being used and how the
> iteration count is being determined. I might ask on GPG's mailing list.
>

According to
http://lists.gnupg.org/pipermail/gnupg-users/2009-November/037760.html ,
GPG keys are protected as follows: The passphrase is run through 65536
iterations of hashing before being used as key for encrypting the secret
key using CAST5. These defaults can be changed using the --s2k-count and
--s2k-cipher-algo options.

Cheers,
Jonas
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.zx2c4.com/pipermail/password-store/attachments/20131228/3d52481a/attachment.html>


More information about the Password-Store mailing list