gnupg/gpg.conf: Use key stretching for private keys.

diff --git a/gnupg/gpg.conf b/gnupg/gpg.conf
index 5697d171b89b7e09d5b3fc5e219eda9395ee0389..57839ccf1b0396e2dc347d24e969fb311433204c 100644 (file)
--- a/gnupg/gpg.conf
+++ b/gnupg/gpg.conf
@@ -51,6 +51,18 @@ default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 BZIP
 cert-digest-algo SHA512
 
 
+# KEY PROTECTION
+
+# Mangle passphrases for private keys and symmetric encryption by applying a
+# hash function (s2k-digest-algo) with a salt s2k-count times (default).
+s2k-mode 3
+# Increase count. Takes ~0.5 seconds on my machine.
+s2k-count 3538944
+# Use SHA-512 as hash function. Takes a little longer than SHA-1, which is the
+# default.
+s2k-digest-algo SHA512
+
+
 # KEYSERVERS
 
 # Use the given keyserver.