Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <20150412154135.GA24618@openwall.com>
Date: Sun, 12 Apr 2015 18:41:35 +0300
From: Solar Designer <solar@...nwall.com>
To: john-dev@...ts.openwall.com
Subject: Re: gpg and gpg-opencl benchmarks

On Sun, Apr 12, 2015 at 05:21:36PM +0200, Frank Dittrich wrote:
> On 04/12/2015 02:41 PM, Frank Dittrich wrote:
> > man gpg says for --s2k-count:
> > 
> > 
> >        --s2k-count n
> >               Specify how many  times  the  passphrase  mangling  is
> >               repeated.   This  value  may  range  between  1024 and
> >               65011712 inclusive.  The default is inquired from gpg-
> >               agent.   Note that not all values in the 1024-65011712
> >               range are legal and if an illegal value  is  selected,
> >               GnuPG  will round up to the nearest legal value.  This
> >               option is only meaningful if --s2k-mode is 3.
> > 
> > 
> > But looking at the real code, I think the description is misleading, and
> > your observation that this count represents the number of bytes
> > processed through the specific hash algorithm is correct.
> 
> With bleeding-jumbo commit 24bc0b53dec316613551b1da078a060cb4ae091b, I
> renamed the first tunable cost from "iteration count" to "s2k-count".
> The name isn't perfect, but at least googling for "s2k-count" provides
> helpful results.

Thank you!  I've just confirmed our current understanding here:

https://tools.ietf.org/html/rfc4880#section-3.7.1.3

"  [...] The total number of octets to be hashed is specified in the
   encoded count in the S2K specifier.  Note that the resulting count
   value is an octet count of how many octets will be hashed, not an
   iteration count."

I think GnuPG documentation is wrong, and should be revised.  Both
texinfo and man.  Would you care to report this to GnuPG, perhaps along
with a documentation patch?

Alexander

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.