From 5593d4cc784d989ef4e53ca985b71574f811bcc1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Dominik=20Sch=C3=BCrmann?= Date: Tue, 9 Sep 2014 09:35:18 +0200 Subject: [PATCH] Increase s2k count to 0x90 --- .../keychain/pgp/PgpKeyOperation.java | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpKeyOperation.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpKeyOperation.java index 3f5528b05..8b4f7dac9 100644 --- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpKeyOperation.java +++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpKeyOperation.java @@ -119,12 +119,14 @@ public class PgpKeyOperation { * SHA256 as the hashing function, 0x10 gives you about 64 * iterations, 0x20 about 128, 0x30 about 256 and so on till 0xf0, * or about 1 million iterations. The maximum you can go to is - * 0xff, or about 2 million iterations. I'll use 0xc0 as a - * default -- about 130,000 iterations. + * 0xff, or about 2 million iterations. + * from http://kbsriram.com/2013/01/generating-rsa-keys-with-bouncycastle.html * - * http://kbsriram.com/2013/01/generating-rsa-keys-with-bouncycastle.html + * Bouncy Castle default: 0x60 + * kbsriram proposes 0xc0 + * we use 0x90, a good trade-off between usability and security against offline attacks */ - private static final int SECRET_KEY_ENCRYPTOR_S2K_COUNT = 0x60; + private static final int SECRET_KEY_ENCRYPTOR_S2K_COUNT = 0x90; private static final int SECRET_KEY_ENCRYPTOR_HASH_ALGO = HashAlgorithmTags.SHA256; private static final int SECRET_KEY_ENCRYPTOR_SYMMETRIC_ALGO = SymmetricKeyAlgorithmTags.AES_256;