From 5593d4cc784d989ef4e53ca985b71574f811bcc1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Dominik=20Sch=C3=BCrmann?= <dominik@dominikschuermann.de>
Date: Tue, 9 Sep 2014 09:35:18 +0200
Subject: [PATCH] Increase s2k count to 0x90

---
 .../keychain/pgp/PgpKeyOperation.java                  | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpKeyOperation.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpKeyOperation.java
index 3f5528b05..8b4f7dac9 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpKeyOperation.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpKeyOperation.java
@@ -119,12 +119,14 @@ public class PgpKeyOperation {
      * SHA256 as the hashing function, 0x10 gives you about 64
      * iterations, 0x20 about 128, 0x30 about 256 and so on till 0xf0,
      * or about 1 million iterations. The maximum you can go to is
-     * 0xff, or about 2 million iterations.  I'll use 0xc0 as a
-     * default -- about 130,000 iterations.
+     * 0xff, or about 2 million iterations.
+     * from http://kbsriram.com/2013/01/generating-rsa-keys-with-bouncycastle.html
      *
-     * http://kbsriram.com/2013/01/generating-rsa-keys-with-bouncycastle.html
+     * Bouncy Castle default: 0x60
+     * kbsriram proposes 0xc0
+     * we use 0x90, a good trade-off between usability and security against offline attacks
      */
-    private static final int SECRET_KEY_ENCRYPTOR_S2K_COUNT = 0x60;
+    private static final int SECRET_KEY_ENCRYPTOR_S2K_COUNT = 0x90;
     private static final int SECRET_KEY_ENCRYPTOR_HASH_ALGO = HashAlgorithmTags.SHA256;
     private static final int SECRET_KEY_ENCRYPTOR_SYMMETRIC_ALGO = SymmetricKeyAlgorithmTags.AES_256;