On Dec 9, 2009, at 5:20 PM, Jon Callas wrote:
> The PGP product calibrates the iteration count on the running machine to hit
> ~1/10 second. I ran it on my laptop and got an iteration count of 1835008
> (coded count 172).
>
> So to sum up -- why are you even debating about increasing the iteration
> count?

It wasn't much of a debate. Summarized, the debate was: "Hey, this s2k count
is kind of small for modern processors". "Yes, let's make it bigger". The
current plan is to borrow the 1/10 second metric from PGP, as a default. Users
can override it if they need to, but I doubt there will be very much need to
override.
I'm not in favor of adding a new s2k function, except *maybe* as a piece of a
future v5 key format, which at least avoids some of the preferences and
backwards compatibility issues.
David
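
The figures quoted in this message can be checked against the one-octet count encoding in RFC 4880 section 3.7.1.3, and the 1/10 second calibration can be sketched alongside it. This is an added example, not part of the original message and not GnuPG's or PGP's code; the function names, the SHA-1 default, the probe value and the linear-scaling calibration are assumptions.

```python
import hashlib
import time

EXPBIAS = 6  # constant from RFC 4880 section 3.7.1.3

def decode_count(c: int) -> int:
    """Expand the one-octet coded count into the number of octets hashed."""
    if not 0 <= c <= 255:
        raise ValueError("coded count is a single octet")
    return (16 + (c & 15)) << ((c >> 4) + EXPBIAS)

def encode_count(octets: int) -> int:
    """Smallest coded count that hashes at least `octets` (saturates at 255)."""
    for c in range(256):  # decode_count() is strictly increasing in c
        if decode_count(c) >= octets:
            return c
    return 255

def s2k_iterated(passphrase: bytes, salt: bytes, c: int, hash_name: str = "sha1") -> bytes:
    """Iterated and salted S2K, single hash context (key size <= digest size)."""
    data = salt + passphrase
    count = max(decode_count(c), len(data))  # salt+passphrase is hashed at least once
    full, rest = divmod(count, len(data))
    h = hashlib.new(hash_name)
    h.update(data * full)   # repeated salt+passphrase stream (about 62 MiB at c=255)
    h.update(data[:rest])   # truncated final repetition
    return h.digest()

def calibrate(target_seconds: float = 0.1, probe: int = 160, hash_name: str = "sha1") -> int:
    """Pick the coded count whose S2K takes about target_seconds on this machine."""
    best = float("inf")
    for _ in range(3):  # best of three to damp scheduler noise
        start = time.perf_counter()
        # Constructed passphrase and all-zero 8-octet salt, used only for timing.
        s2k_iterated(b"constructed passphrase", b"\x00" * 8, probe, hash_name)
        best = min(best, time.perf_counter() - start)
    octets_per_second = decode_count(probe) / max(best, 1e-9)
    return encode_count(int(octets_per_second * target_seconds))

if __name__ == "__main__":
    print("coded count 172 ->", decode_count(172), "octets")
    c = calibrate()
    print("calibrated coded count:", c, "->", decode_count(c), "octets")
```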