Performance regression for gnupg v2 keys

Werner Koch wk at gnupg.org
Thu Sep 20 16:24:01 CEST 2018


On Thu, 20 Sep 2018 15:05, fkater at posteo.net said:

> When I change the passphrase of an existing 1.x generated key with
> gpg 2.2.8, the key gets somehow updated (slow).

So this is not about the key but about the protection of the private
key.  That protection (the passphrase) is there as a failsafe mechanism
in case the private key is leaked without the machine being compromised
(backup tape lost, etc.).

We try to achieve that this decryption process takes about 100ms; that
value can be changed at build time using the configure option
--with-agent-s2k-calibration=MSEC but not at run time.  When you change
the passphrase of an old key the first time or when you import it to gpg
the key is re-encrypted so that it takes that long.

In contrast, gpg 1.4 uses a fixed value here and does not calibrate it to
the actual machine in use.  The outcome is that a gpg 1.4
created/passphrase-changed key has too weak a protection in that a
dictionary attack can be more easily mounted.

It seems that you are doing a lot of operations with that key in a row.
gpg-agent's cache will cache the unprotected key so that the 100ms to
unprotect the key is only spent once during the caching time to live (10
minutes by default).  Make sure that the cache is enabled by checking the
options --max-cache-ttl and --default-cache-ttl.  Depending on your use
case you may want to work without a passphrase (key protection) at all.


Salam-Shalom,

   Werner

-- 
Thoughts are free.  Exceptions are regulated by a federal law.
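
The difference between a fixed and a machine-calibrated passphrase-stretching cost, as an added example that is not part of the original message and is not GnuPG's code. It assumes the OpenPGP iterated and salted S2K from RFC 4880 with SHA-1; every function name, the constant FIXED_CODED_COUNT (96, i.e. 65536 octets, taken here as the fixed baseline) and the sample passphrase are hypothetical choices for the illustration.

```python
import hashlib
import time

FIXED_CODED_COUNT = 96              # assumed fixed baseline (65536 octets)
MAX_OCTETS = (16 + 15) << (15 + 6)  # largest value one coded octet can express

def decode_count(c):
    """RFC 4880 section 3.7.1.3: coded count octet -> number of octets hashed."""
    return (16 + (c & 15)) << ((c >> 4) + 6)

def encode_count(octets):
    """Smallest coded count that hashes at least `octets` octets."""
    return next((c for c in range(256) if decode_count(c) >= octets), 255)

def s2k_iterated(passphrase, salt, octets, keylen=16):
    """Iterated and salted S2K with SHA-1 (single context, keylen <= 20)."""
    block = salt + passphrase
    remaining = max(octets, len(block))        # always hash at least one full block
    chunk = block * (65536 // len(block) + 1)  # whole repetitions, bounded memory
    h = hashlib.sha1()
    while remaining > 0:
        part = chunk[:remaining]
        h.update(part)
        remaining -= len(part)
    return h.digest()[:keylen]

def measure_ms(octets):
    """Wall-clock cost of one derivation on this machine, in milliseconds."""
    start = time.perf_counter()
    s2k_iterated(b"calibration passphrase", b"\x00" * 8, octets)
    return (time.perf_counter() - start) * 1000.0

def calibrate(target_ms=100.0, measure=measure_ms):
    """Coded count whose derivation costs about target_ms per passphrase guess."""
    octets = decode_count(FIXED_CODED_COUNT)
    ms = measure(octets)
    while ms < target_ms / 4 and octets < MAX_OCTETS:  # grow until timing is meaningful
        octets = min(octets * 2, MAX_OCTETS)
        ms = measure(octets)
    wanted = min(int(octets * target_ms / max(ms, 1e-6)), MAX_OCTETS)
    return encode_count(wanted)

if __name__ == "__main__":
    fixed, tuned = decode_count(FIXED_CODED_COUNT), decode_count(calibrate())
    print(f"fixed: {fixed} octets, {measure_ms(fixed):.2f} ms per guess")
    print(f"calibrated: {tuned} octets, {measure_ms(tuned):.2f} ms per guess")
```

The per-guess time printed for the fixed count is what an attacker holding a leaked key file pays for each dictionary candidate; the calibrated count raises that to roughly the target, capped by the largest count the one-octet encoding allows.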