diff options
author | Joey Hess <joeyh@joeyh.name> | 2016-08-30 14:12:22 -0400 |
---|---|---|
committer | Joey Hess <joeyh@joeyh.name> | 2016-08-30 14:12:25 -0400 |
commit | fe975ad122c77b4936f3e28c868b056fdaf2f842 (patch) | |
tree | 3b1816d9820720c87acc3d08adcff798f53381ca /Cost.hs | |
parent | 62a97cabd895001d4dc552823633aabe53d54358 (diff) | |
download | keysafe-fe975ad122c77b4936f3e28c868b056fdaf2f842.tar.gz |
Tuned argon2 hash parameters on better hardware than my fanless laptop.
Used a Purism Librem 13. The name generation hash was already ok,
but the key encryption key hash was quite off.
This is not a total blazing top of the line server, but that's ok;
keysafe's hashes are intended to be tuned for commodity hardware.
It should not take a user more than an hour to restore a key.
The spotAWS value is adjusted because AWS's c4.8xlarge instances run at
up to 3.5Ghz, compared with the 2.20Ghz of the Librem 13. Basically
it's one Moore's doubling ahead of the reference laptop.
Diffstat (limited to 'Cost.hs')
-rw-r--r-- | Cost.hs | 7 |
1 files changed, 6 insertions, 1 deletions
@@ -50,6 +50,10 @@ estimateBruteforceOf t e = getBruteCostCalc t e data DataCenterPrice = DataCenterPrice { instanceCpuCores :: Integer + , instanceCpuCoreMultiplier :: Integer + -- ^ If the cores are twice as fast as the commodity hardware + -- that keysafe's cost estimates are based on, use 2 to indicate + -- this, etc. , instanceCostPerHour :: Cents } @@ -57,6 +61,7 @@ data DataCenterPrice = DataCenterPrice spotAWS :: DataCenterPrice spotAWS = DataCenterPrice { instanceCpuCores = 36 + , instanceCpuCoreMultiplier = 2 , instanceCostPerHour = Cents 33 } @@ -73,7 +78,7 @@ estimateAttackCost dc opcost = centsToDollars $ costcents cpuyears = cpuseconds `div` (60*60*24*365) costpercpuyear = Cents $ fromIntegral (instanceCostPerHour dc) * 24 * 365 - `div` instanceCpuCores dc + `div` (instanceCpuCores dc * instanceCpuCoreMultiplier dc) costcents = Cents cpuyears * costpercpuyear newtype Cents = Cents Integer |