Improving Our Session Keys - Feature Request

JustAnotherGPGFan's Avatar


14 Dec, 2022 07:15 PM

Anybody with a graphics card can write a script that tries 10,000 passwords per minute. My session keys are always the same length. Using session keys of the same length reduces the number of possible combinations that a brute forcing hacker would have to try.

I would like for GPG to randomly choose a length for each session key from a range such as [x...x+12] where x = the minimum length that a session key may be, x+12 = a length that is twelve characters greater than x, and ... = every length between x and x+12, e.g., x+1, x+2, x+3.

In addition, I would like for our session keys to be longer. Including a range of possible lengths and extending the length of our session keys increases the difficulty of brute forcing them.

This is necessary in order to keep pace with the growing capabilities of malicious actors. Hackers can acquire dozens of computers and leave them running 24/7 for more than a year.

Lastly, I would like for you to make this a software update for legacy versions because there are a lot of users of legacy versions of your application and they are not protected.

Reply to this discussion

Internal reply

Formatting help / Preview (switch to plain text) No formatting (switch to Markdown)

Attaching KB article:


Attached Files

You can attach files up to 10MB

If you don't have an account yet, we need to confirm you're human and not a machine trying to post spam.

Keyboard shortcuts


? Show this help
ESC Blurs the current field

Comment Form

r Focus the comment reply box
^ + ↩ Submit the comment

You can use Command ⌘ instead of Control ^ on Mac