diff options
| author | Joey Hess <joeyh@joeyh.name> | 2016-08-06 21:39:38 -0400 |
|---|---|---|
| committer | Joey Hess <joeyh@joeyh.name> | 2016-08-06 21:58:20 -0400 |
| commit | 94d351004688992f8aeac7d03da55d179ef50e8c (patch) | |
| tree | d6db9a60d4b7b61e490926c8cc130d19aa6a3fca /ExpensiveHash.hs | |
| parent | e85b077676dffa9038a7f34e57523e77c3945261 (diff) | |
| download | keysafe-94d351004688992f8aeac7d03da55d179ef50e8c.tar.gz | |
more cost calculation and refactored Tunables
Diffstat (limited to 'ExpensiveHash.hs')
| -rw-r--r-- | ExpensiveHash.hs | 45 |
1 files changed, 16 insertions, 29 deletions
diff --git a/ExpensiveHash.hs b/ExpensiveHash.hs index 8bfe004..ca357bc 100644 --- a/ExpensiveHash.hs +++ b/ExpensiveHash.hs @@ -3,6 +3,8 @@ module ExpensiveHash where import Types +import Cost +import Tunables import qualified Data.ByteString as B import Raaz.Core.Encode import qualified Crypto.Argon2 as Argon2 @@ -14,41 +16,26 @@ import Control.DeepSeq -- This is a lynchpin of keysafe's security, because using this hash -- as an encryption key forces brute force attackers to generate -- hashes over and over again, taking a very long time. -data ExpensiveHash = ExpensiveHash Cost B.ByteString +data ExpensiveHash = ExpensiveHash (Cost CreationOp) B.ByteString deriving (Show) data Salt t = Salt t -expensiveHash :: Encodable t => RunMode -> Salt t -> Password -> ExpensiveHash -expensiveHash runmode (Salt s) (Password password) = - ExpensiveHash cost $ Argon2.hash o password (toByteString s) - where - HashParams o cost = hashParams runmode +expensiveHash :: Encodable t => Tunables -> Salt t -> Password -> ExpensiveHash +expensiveHash tunables (Salt s) (Password password) = + ExpensiveHash (argonCost tunables) $ + Argon2.hash (argonOptions tunables) password (toByteString s) -data HashParams = HashParams Argon2.HashOptions Cost - -hashParams :: RunMode -> HashParams -hashParams SecureMode = HashParams o cost - where - -- argon2 is GPU and ASIC resistent, so it uses CPU time. - -- The selected HashOptions were benchmarked at 661 seconds CPU time - -- on a 2 core Intel(R) Core(TM) i5-4210Y CPU @ 1.50GHz. - cost = CPUCost (Seconds 600) - o = Argon2.HashOptions - { Argon2.hashIterations = 10000 - , Argon2.hashMemory = 131072 -- 128 mebibtyes per thread - , Argon2.hashParallelism = 4 -- 4 threads - , Argon2.hashVariant = Argon2.Argon2i - } -hashParams TestingMode = - HashParams Argon2.defaultHashOptions $ CPUCost (Seconds 0) - -benchmarkExpensiveHash :: IO (Benchmark Cost) -benchmarkExpensiveHash = do +benchmarkExpensiveHash :: Tunables -> IO (Benchmark (Cost CreationOp)) +benchmarkExpensiveHash tunables = do start <- getCurrentTime - let ExpensiveHash expected b = expensiveHash SecureMode + let ExpensiveHash expected b = expensiveHash tunables (Salt (KeyIdent gpgKey (Name ("benchmark" :: B.ByteString)))) (Password ("himom" :: B.ByteString)) end <- b `deepseq` getCurrentTime - let actual = (CPUCost $ Seconds $ end `diffUTCTime` start) - return $ Benchmark { expectedBenchmark = expected, actualBenchmark = actual } + let diff = floor $ end `diffUTCTime` start + let actual = CPUCost $ Seconds diff + return $ Benchmark + { expectedBenchmark = expected + , actualBenchmark = actual + } |