diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpKeyOperation.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpKeyOperation.java
index 3f5528b05..8b4f7dac9 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpKeyOperation.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpKeyOperation.java
@@ -119,12 +119,14 @@ public class PgpKeyOperation {
      * SHA256 as the hashing function, 0x10 gives you about 64
      * iterations, 0x20 about 128, 0x30 about 256 and so on till 0xf0,
      * or about 1 million iterations. The maximum you can go to is
-     * 0xff, or about 2 million iterations.  I'll use 0xc0 as a
-     * default -- about 130,000 iterations.
+     * 0xff, or about 2 million iterations.
+     * from http://kbsriram.com/2013/01/generating-rsa-keys-with-bouncycastle.html
      *
-     * http://kbsriram.com/2013/01/generating-rsa-keys-with-bouncycastle.html
+     * Bouncy Castle default: 0x60
+     * kbsriram proposes 0xc0
+     * we use 0x90, a good trade-off between usability and security against offline attacks
      */
-    private static final int SECRET_KEY_ENCRYPTOR_S2K_COUNT = 0x60;
+    private static final int SECRET_KEY_ENCRYPTOR_S2K_COUNT = 0x90;
     private static final int SECRET_KEY_ENCRYPTOR_HASH_ALGO = HashAlgorithmTags.SHA256;
     private static final int SECRET_KEY_ENCRYPTOR_SYMMETRIC_ALGO = SymmetricKeyAlgorithmTags.AES_256;