From 2c7a03d54b7d5bf714f662ab266840600f7b32ae Mon Sep 17 00:00:00 2001
From: Werner Koch
Date: Thu, 30 Jul 2009 16:45:06 +0000
Subject: Comment changes. Changed --learn-card.
---
 g10/passphrase.c | 4 ++++
 1 file changed, 4 insertions(+)
(limited to 'g10/passphrase.c')
diff --git a/g10/passphrase.c b/g10/passphrase.c
index d34f5fa92..83a6b0cf8 100644
--- a/g10/passphrase.c
+++ b/g10/passphrase.c
@@ -88,6 +88,10 @@ hash_passphrase ( DEK *dek, char *pw, STRING2KEY *s2k)
 count = len2;
 }
 
+ /* Fixme: To avoid DoS attacks by sending an sym-encrypted
+ packet with a very high S2K count, we should either cap
+ the iteration count or CPU seconds based timeout. */
+
 /* A little bit complicated because we need a ulong for count. */
 while ( count > len2 ) /* maybe iterated+salted */
 {
-- 
cgit v1.2.3
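Review bot: The Fixme added before the `while ( count > len2 )` loop in hash_passphrase records the S2K-count DoS risk, but its last clause is ungrammatical and it does not say where `count` comes from or how large it can get. I would word it as `/* FIXME: To avoid DoS by a symmetrically encrypted packet with a very high S2K count, we should either cap the iteration count or enforce a CPU-time limit. */` and add one line stating the worst case. If `count` is decoded from the one-octet coded count of RFC 4880 (the decoding is outside this hunk, so this is an assumption), the upper bound is 65,011,712 octets hashed per passphrase attempt. That would tell a maintainer that the cost is bounded per packet but repeatable, which matters when choosing between a cap and a timeout. The function begins and ends outside the hunk.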