Tuned argon2 hash parameters on better hardware than my fanless laptop.

Used a Purism Librem 13. The name generation hash was already ok,
but the key encryption key hash was quite off.

This is not a total blazing top of the line server, but that's ok;
keysafe's hashes are intended to be tuned for commodity hardware.
It should not take a user more than an hour to restore a key.

The spotAWS value is adjusted because AWS's c4.8xlarge instances run at
up to 3.5Ghz, compared with the 2.20Ghz of the Librem 13. Basically
it's one Moore's doubling ahead of the reference laptop.

1 files changed, 6 insertions, 1 deletions

diff --git a/Cost.hs b/Cost.hs
index 8936dec..c8184c1 100644
--- a/Cost.hs
+++ b/Cost.hs
@@ -50,6 +50,10 @@ estimateBruteforceOf t e = getBruteCostCalc t e
 
 data DataCenterPrice = DataCenterPrice
 	{ instanceCpuCores :: Integer
+	, instanceCpuCoreMultiplier :: Integer
+	-- ^ If the cores are twice as fast as the commodity hardware
+	-- that keysafe's cost estimates are based on, use 2 to indicate
+	-- this, etc.
 	, instanceCostPerHour :: Cents
 	}
 
@@ -57,6 +61,7 @@ data DataCenterPrice = DataCenterPrice
 spotAWS :: DataCenterPrice
 spotAWS = DataCenterPrice
 	{ instanceCpuCores = 36
+	, instanceCpuCoreMultiplier = 2
 	, instanceCostPerHour = Cents 33
 	}
 
@@ -73,7 +78,7 @@ estimateAttackCost dc opcost = centsToDollars $ costcents
 	cpuyears = cpuseconds `div` (60*60*24*365)
 	costpercpuyear = Cents $
 		fromIntegral (instanceCostPerHour dc) * 24 * 365
-			`div` instanceCpuCores dc
+			`div` (instanceCpuCores dc * instanceCpuCoreMultiplier dc)
 	costcents = Cents cpuyears * costpercpuyear
 
 newtype Cents = Cents Integer