Anybody with a graphics card can write a script that tries 10,000 passwords per minute. My session keys are always the same length. Using session keys of the same length reduces the number of possible combinations that a brute forcing hacker would have to try.

I would like for GPG to randomly choose a length for each session key from a range such as [x...x+12] where x = the minimum length that a session key may be, x+12 = a length that is twelve characters greater than x, and ... = every length between x and x+12, e.g., x+1, x+2, x+3.

In addition, I would like for our session keys to be longer. Including a range of possible lengths and extending the length of our session keys increases the difficulty of brute forcing them.

This is necessary in order to keep pace with the growing capabilities of malicious actors. Hackers can acquire dozens of computers and leave them running 24/7 for more than a year.

Lastly, I would like for you to make this a software update for legacy versions because there are a lot of users of legacy versions of your application and they are not protected.