I reply to myself to add a few more explanations. On Tue, 27 Oct 2020 at 11:06PM +0200, Matthieu Weber wrote: > On Tue, 27 Oct 2020 at 02:48PM -0400, TRS-80 wrote: > > Pretty quickly thereafter, both of main devs reply[2] with some > > criticisms of PGP, gpg-agent, and some other concept (KDF?) > > which I am not actually even familiar with. The following are their > > comments, which I quote in full: > > > > > droidmonkey > > > > > > Pass offers the barest minimal protections. I would never endorse > > > the product because it is very easy to expose all of your secrets to > > > any program by using gpg-agent to remember your credentials. There > > > is also no concept of a KDF so brute forcing is an option, in fact > > > their encryption method is undocumented or at least not readily > > > apparent from their website.
Regarding the use of a KDF in GPG, droidmonkey's statement is wrong, AFAICT (it may have been true at some point in the past, maybe). GPG uses one of the KDF defined in RFC 4880 according to https://github.com/gpg/gnupg/blob/master/agent/keyformat.txt#protected-private-key-format and by default uses the variant with iterative salting. If I've understood correctly what man gpg and man gpg-agent explain about the --s2k-* options, the number of iterations is chosen such that it takes 300 ms to calculate the key from the passphrase (that is the key that protects the secret key, not the secret key itself). Matthieu -- (~._.~) Matthieu Weber - [email protected] (~._.~) ( ? ) https://weber.fi.eu.org/ ( ? ) ()- -() public key id : 0x85CB340EFCD5E0B3 ()- -() (_)-(_) "Humor ist, wenn man trotzdem lacht (Otto J. Bierbaum)" (_)-(_)
signature.asc
Description: PGP signature
