author | Joey Hess <joeyh@joeyh.name> | 2016-08-30 14:12:22 -0400 |
---|---|---|
committer | Joey Hess <joeyh@joeyh.name> | 2016-08-30 14:12:25 -0400 |
commit | fe975ad122c77b4936f3e28c868b056fdaf2f842 (patch) | |
tree | 3b1816d9820720c87acc3d08adcff798f53381ca | |
parent | 62a97cabd895001d4dc552823633aabe53d54358 (diff) | |
download | keysafe-fe975ad122c77b4936f3e28c868b056fdaf2f842.tar.gz |
Tuned argon2 hash parameters on better hardware than my fanless laptop.
Used a Purism Librem 13. The name generation hash was already ok,
but the key encryption key hash was quite off.
This is not a total blazing top of the line server, but that's ok;
keysafe's hashes are intended to be tuned for commodity hardware.
It should not take a user more than an hour to restore a key.
The spotAWS value is adjusted because AWS's c4.8xlarge instances run at
up to 3.5GHz, compared with the 2.20GHz of the Librem 13. Basically
it's one Moore's doubling ahead of the reference laptop.
-rw-r--r-- | CHANGELOG | 1 |
-rw-r--r-- | Cost.hs | 7 |
-rw-r--r-- | TODO | 1 |
-rw-r--r-- | Tunables.hs | 20 |
4 files changed, 16 insertions, 13 deletions
@@ -6,6 +6,7 @@ keysafe (0.20160820) UNRELEASED; urgency=medium the input value. * Reduced object size to 32kb due to share size doubling. * Fix gpg secret key list parser to support gpg 2. + * Tuned argon2 hash parameters on better hardware than my fanless laptop. -- Joey Hess <id@joeyh.name> Mon, 22 Aug 2016 13:56:16 -0400 @@ -50,6 +50,10 @@ estimateBruteforceOf t e = getBruteCostCalc t e data DataCenterPrice = DataCenterPrice { instanceCpuCores :: Integer + , instanceCpuCoreMultiplier :: Integer + -- ^ If the cores are twice as fast as the commodity hardware + -- that keysafe's cost estimates are based on, use 2 to indicate + -- this, etc. , instanceCostPerHour :: Cents } @@ -57,6 +61,7 @@ data DataCenterPrice = DataCenterPrice spotAWS :: DataCenterPrice spotAWS = DataCenterPrice { instanceCpuCores = 36 + , instanceCpuCoreMultiplier = 2 , instanceCostPerHour = Cents 33 } @@ -73,7 +78,7 @@ estimateAttackCost dc opcost = centsToDollars $ costcents cpuyears = cpuseconds `div` (60*60*24*365) costpercpuyear = Cents $ fromIntegral (instanceCostPerHour dc) * 24 * 365 - `div` instanceCpuCores dc + `div` (instanceCpuCores dc * instanceCpuCoreMultiplier dc) costcents = Cents cpuyears * costpercpuyear newtype Cents = Cents Integer @@ -1,5 +1,4 @@ * test suite (eg, test basic storage and restore of various size data) -* tune hashes on more powerful hardware than thermal throttling laptop * improve restore progress bar points (update after every hash try) * If we retrieved enough shares successfully, but decrypt failed, must be a wrong password, so prompt for re-entry and retry with those shares. diff --git a/Tunables.hs b/Tunables.hs index 07b4c61..8d95ad5 100644 --- a/Tunables.hs +++ b/Tunables.hs 
@@ -86,21 +86,19 @@ defaultTunables = Tunables { shareParams = ShareParams { totalObjects = 3, neededObjects = 2 } , objectSize = 1024*32 -- 32 kb , shareOverhead = 2 - -- The nameGenerationHash was benchmarked at 661 seconds CPU time - -- on a 2 core Intel(R) Core(TM) i5-4210Y CPU @ 1.50GHz. - -- Since cost is measured per core, we double that. + -- The nameGenerationHash was benchmarked at 600 seconds + -- on a 2 core Intel(R) Core(TM) i5-5200U CPU @ 2.20GHz. , nameGenerationTunable = NameGenerationTunable - { nameGenerationHash = argon2 10000 (CPUCost (Seconds (2*600))) + { nameGenerationHash = argon2 10000 (coreCost 2 (Seconds 600)) } , keyEncryptionKeyTunable = KeyEncryptionKeyTunable - { keyEncryptionKeyHash = argon2 115 (CPUCost (Seconds 0)) + { keyEncryptionKeyHash = argon2 2700 (CPUCost (Seconds 12)) , randomSaltBytes = 1 -- The keyEncryptionKeyHash is run 256 times per -- random salt byte to brute-force, and its parameters -- were chosen so the total brute forcing time is 50 minutes, - -- on a 2 core Intel(R) Core(TM) i5-4210Y CPU @ 1.50GHz. - -- Since cost is measured per core, we double that. - , randomSaltBytesBruteForceCost = CPUCost (Seconds (2*50*60)) + -- on a 2 core Intel(R) Core(TM) i5-5200U CPU @ 2.20GHz. + , randomSaltBytesBruteForceCost = coreCost 2 (Seconds (50*60)) } , encryptionTunable = UseAES256 } @@ -120,12 +118,12 @@ testModeTunables = Tunables , objectSize = 1024*32 , shareOverhead = 2 , nameGenerationTunable = NameGenerationTunable - { nameGenerationHash = weakargon2 (CPUCost (Seconds (2*600))) + { nameGenerationHash = weakargon2 (coreCost 2 (Seconds 600)) } , keyEncryptionKeyTunable = KeyEncryptionKeyTunable - { keyEncryptionKeyHash = weakargon2 (CPUCost (Seconds 0)) + { keyEncryptionKeyHash = weakargon2 (CPUCost (Seconds 12)) , randomSaltBytes = 1 - , randomSaltBytesBruteForceCost = CPUCost (Seconds (2*50*60)) + , randomSaltBytesBruteForceCost = coreCost 2 (Seconds (50*60)) } , encryptionTunable = UseAES256 } |
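Review bot: In the `DataCenterPrice` hunk of Cost.hs, `instanceCpuCoreMultiplier :: Integer` can only express whole-number speedups, while the commit message's own figures (3.5GHz against 2.20GHz) give a ratio of about 1.6 that `spotAWS` rounds to 2. Rounding up makes the attacker look cheaper, which is the conservative direction for this estimate, but nothing in the field's comment says so. Either state in the comment that the value is to be rounded up, or make the field a `Rational` so the ratio can be given exactly, and put the clock-speed rationale next to `instanceCpuCoreMultiplier = 2` rather than only in the commit message.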
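Review bot: In the `estimateAttackCost` hunk of Cost.hs, the new divisor `instanceCpuCores dc * instanceCpuCoreMultiplier dc` is zero for any `DataCenterPrice` built with a multiplier of 0, and `div` then throws at runtime. Since the field is new and every constructor call has to supply it, document that it must be at least 1, or clamp it with `max 1` here. The numerator also relies on `*` and `div` sharing precedence across a line break; parenthesizing `(fromIntegral (instanceCostPerHour dc) * 24 * 365)` would make the intended grouping explicit.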
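Review bot: In the `defaultTunables` hunk of Tunables.hs, `keyEncryptionKeyHash` is given `CPUCost (Seconds 12)` directly while the two neighbouring costs are wrapped in `coreCost 2`, and the numbers do not agree either way. `coreCost` is not defined in this diff; assuming it takes over the removed `2*` doubling, as the substitutions suggest, then 256 tries at 12 seconds is 3072 seconds, which matches the 50 minute wall-clock figure in the comment only if the 12 seconds is also wall-clock on the 2-core machine. In that case it should read `coreCost 2 (Seconds 12)`; if 12 seconds is already per-core CPU time, the comment should say so and explain the difference from `randomSaltBytesBruteForceCost`. The new comments also drop the old "cost is measured per core" sentence, so it is no longer stated whether 600 seconds and 50 minutes are wall-clock or CPU time.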
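Review bot: The `testModeTunables` hunk of Tunables.hs repeats by hand the same three cost values changed in `defaultTunables` (`coreCost 2 (Seconds 600)`, `CPUCost (Seconds 12)`, `coreCost 2 (Seconds (50*60))`), so every retune has to touch both records and they can drift apart silently. Consider naming the three costs once and using them in both records, or building `testModeTunables` from `defaultTunables` with only the hash functions swapped for `weakargon2`.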