The correct solution would be to introduce a version 5 of the secret
key packet - this is a major change as we may also want to
introduce a v5 public key packet for symmetry reasons. I guess this
will break a lot of code.

The hackish solution is to define a new S2K type identical to type 3
(iterated and salted) which would then trigger the use of the new
SHA-1 checksum. It should be made clear that this S2K type is only to
be used for the protection of the secret key and not for conventional

I don't like any of these solutions but the latter one is easier to
implement. Any other ideas?

I think an S2K that includes a hash is only mildly hackish, myself. I'd
support this. I'd even support an additional one that is merely salted with