ietf-openpgp
Re: [openpgp] [PATCH] RFC4880bis: Argon2i

2015-11-03 18:34:03
Nils Durner <ndurner(_at_)googlemail(_dot_)com> writes:

> That is certainly one of the safest options for actual passwords, but gets in
> the way of symmetric keys (cheaply) being used as passphrases.

Hmm, yeah, but if you've already got a raw symmetric key (which won't need any
extra processing) I'd lean towards having it identified as such rather than
overloading a password-processing mechanism for it.  In other words make the
use for symmetric key transport explicit rather than relying on the
implementer to somehow know that S2K type X is meant to be used for symkey
transport.

So perhaps have type 4 = Argon2, type 5 = symmetric key transport, with a
safety note added to say that it's meant for randomly-generated symmetric keys
that are already, in effect, in the post-S2K state.

Peter.

_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp