diff --git a/ChangeLog b/ChangeLog
index 42d7fca..a524199 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
+2013-12-19  Niibe Yutaka  <gniibe@fsij.org>
+
+	* src/openpgp.c (S2KCOUNT): It's now 192, as the threat model
+	of Gnuk Token is different.
+
 2013-12-19  Niibe Yutaka  <gniibe@fsij.org>
 
 	* polarssl/library/bignum.c (mpi_montsqr): New.
diff --git a/src/openpgp.c b/src/openpgp.c
index 80c4d92..9543643 100644
--- a/src/openpgp.c
+++ b/src/openpgp.c
@@ -422,7 +422,14 @@ cmd_change_password (void)
 }
 
 
-#define S2KCOUNT 65535
+#ifndef S2KCOUNT
+/*
+ * OpenPGP uses the value 65535 for the key on disk.
+ * Given the condition that the access to flash ROM is harder than disk,
+ * that is, the threat model is different, we chose the default value 192.
+ */
+#define S2KCOUNT 192
+#endif
 void
 s2k (const unsigned char *salt, size_t slen,
      const unsigned char *input, size_t ilen, unsigned char output[32])