diff --git a/agent/protect.c b/agent/protect.c
index c257861e2..9b262a978 100644
--- a/agent/protect.c
+++ b/agent/protect.c
@@ -159,7 +159,7 @@ calibrate_s2k_count_one (unsigned long count)
 
 
 /* Measure the time we need to do the hash operations and deduce an
-   S2K count which requires about 100ms of time.  */
+   S2K count which requires roughly some targeted amount of time.  */
 static unsigned long
 calibrate_s2k_count (void)
 {
@@ -171,11 +171,11 @@ calibrate_s2k_count (void)
       ms = calibrate_s2k_count_one (count);
       if (opt.verbose > 1)
         log_info ("S2K calibration: %lu -> %lums\n", count, ms);
-      if (ms > 100)
+      if (ms > AGENT_S2K_CALIBRATION)
         break;
     }
 
-  count = (unsigned long)(((double)count / ms) * 100);
+  count = (unsigned long)(((double)count / ms) * AGENT_S2K_CALIBRATION);
   count /= 1024;
   count *= 1024;
   if (count < 65536)
diff --git a/configure.ac b/configure.ac
index ee3aac621..b43cb60b4 100644
--- a/configure.ac
+++ b/configure.ac
@@ -122,7 +122,6 @@ use_tls_library=no
 large_secmem=no
 show_tor_support=no
 
-
 GNUPG_BUILD_PROGRAM(gpg, yes)
 GNUPG_BUILD_PROGRAM(gpgsm, yes)
 # The agent is a required part and can't be disabled anymore.
@@ -250,6 +249,15 @@ fi
 AC_DEFINE_UNQUOTED(SECMEM_BUFFER_SIZE,$SECMEM_BUFFER_SIZE,
                    [Size of secure memory buffer])
 
+AC_MSG_CHECKING([calibrated passphrase-stretching (s2k) duration])
+AC_ARG_WITH(agent-s2k-calibration,
+              AC_HELP_STRING([--with-agent-s2k-calibration=MSEC],
+                             [calibrate passphrase stretching (s2k) to MSEC milliseconds]),
+              agent_s2k_calibration=$withval, agent_s2k_calibration=100)
+AC_MSG_RESULT($agent_s2k_calibration milliseconds)
+AC_DEFINE_UNQUOTED(AGENT_S2K_CALIBRATION, $agent_s2k_calibration,
+                   [Agent s2k calibration time (ms)])
+
 AC_MSG_CHECKING([whether to enable trust models])
 AC_ARG_ENABLE(trust-models,
               AC_HELP_STRING([--disable-trust-models],