aboutsummaryrefslogtreecommitdiffstats
path: root/OpenKeychain/src
diff options
context:
space:
mode:
Diffstat (limited to 'OpenKeychain/src')
-rw-r--r--OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpKeyOperation.java10
1 files changed, 6 insertions, 4 deletions
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpKeyOperation.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpKeyOperation.java
index 3f5528b05..8b4f7dac9 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpKeyOperation.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpKeyOperation.java
@@ -119,12 +119,14 @@ public class PgpKeyOperation {
* SHA256 as the hashing function, 0x10 gives you about 64
* iterations, 0x20 about 128, 0x30 about 256 and so on till 0xf0,
* or about 1 million iterations. The maximum you can go to is
- * 0xff, or about 2 million iterations. I'll use 0xc0 as a
- * default -- about 130,000 iterations.
+ * 0xff, or about 2 million iterations.
+ * from http://kbsriram.com/2013/01/generating-rsa-keys-with-bouncycastle.html
*
- * http://kbsriram.com/2013/01/generating-rsa-keys-with-bouncycastle.html
+ * Bouncy Castle default: 0x60
+ * kbsriram proposes 0xc0
+ * we use 0x90, a good trade-off between usability and security against offline attacks
*/
- private static final int SECRET_KEY_ENCRYPTOR_S2K_COUNT = 0x60;
+ private static final int SECRET_KEY_ENCRYPTOR_S2K_COUNT = 0x90;
private static final int SECRET_KEY_ENCRYPTOR_HASH_ALGO = HashAlgorithmTags.SHA256;
private static final int SECRET_KEY_ENCRYPTOR_SYMMETRIC_ALGO = SymmetricKeyAlgorithmTags.AES_256;
generated by cgit v1.2.3 (git 2.25.1) at 2025-10-31 06:24:25 +0000