use less expensive hash for proof of work

The server has to run the hash once to verify a request, so a hash that
took 4 seconds could make the server do too much work if it's being flooded
with requests.

So, made the hash much less expensive.

This required keeping track of fractional seconds. Actually, I used
Rational for them, to avoid most rounding problems. That turned out nice.

I've only tuned the proofOfWorkHashTunable on my fanless overheating
laptop so far. It seems to be fairly reasonablly tuned though.

1 files changed, 10 insertions, 6 deletions

diff --git a/Tunables.hs b/Tunables.hs
index 1d087bf..5c28a39 100644
--- a/Tunables.hs
+++ b/Tunables.hs
@@ -142,17 +142,21 @@ knownObjectSizes = map (calc . snd) knownTunings
 	calc t = objectSize t * shareOverhead t
 
 -- Hash for client-server Proof Of Work. This is tuned to take around
--- 4 seconds to calculate the hash on a 4 core machine, with 0 added
--- iterations. Adding more iterations will increase that somewhat.
+-- 4 seconds to calculate the hash 256 times on a 4 core machine, with 
+-- 0 added iterations. Adding more iterations will increase that somewhat.
 --
 -- This is not included in Tunables because it doesn't affect object
--- encryption and storage.
+-- encryption and storage. Any change to this will break backwards
+-- compatability of the HTTP protocol!
 proofOfWorkHashTunable :: Word32 -> ExpensiveHashTunable
 proofOfWorkHashTunable addits = 
-	UseArgon2 (CPUCost (Seconds (4 + (4 * fromIntegral addits `div` 20))) (Divisibility 4)) $ 
+	UseArgon2 (CPUCost (Seconds nsecs) (Divisibility 4)) $ 
 		Argon2.HashOptions
-			{ Argon2.hashIterations = 20 + addits
-			, Argon2.hashMemory = 131072 -- 128 mebibtyes per thread
+			{ Argon2.hashIterations = nits
+			, Argon2.hashMemory = 1000
 			, Argon2.hashParallelism = 4
 			, Argon2.hashVariant = Argon2.Argon2i
 			}
+  where
+	nits = 20 + addits
+	nsecs = (4 * fromIntegral nits / 20) / 256