authorJoey Hess <joeyh@joeyh.name>2016-08-16 16:59:25 -0400
committerJoey Hess <joeyh@joeyh.name>2016-08-16 16:59:25 -0400
commitc2eba63d11c748aeebdd3a4a3a5b015ac5e2f2c9 (patch)
treef75ee5e067fee2b36fdc75ad470fd9cc2e11268e /keysafe.hs
parent9473fee1bb0f9f549de41eec9f7b7d141f2ebfd3 (diff)
downloadkeysafe-c2eba63d11c748aeebdd3a4a3a5b015ac5e2f2c9.tar.gz
add cost estimates
Diffstat (limited to 'keysafe.hs')
-rw-r--r--keysafe.hs31
1 files changed, 23 insertions, 8 deletions
diff --git a/keysafe.hs b/keysafe.hs
index 7068e22..103388b 100644
--- a/keysafe.hs
+++ b/keysafe.hs
@@ -20,6 +20,8 @@ import Storage
import Storage.LocalFiles
import qualified Gpg
import Data.Maybe
+import Data.Time.Clock
+import Data.Time.Calendar
import Control.Monad
import qualified Data.ByteString as B
import qualified Data.ByteString.UTF8 as BU8
@@ -82,27 +84,36 @@ backup ui tunables secretkeysource secretkey = do
name <- fromMaybe (error "Aborting on no name")
<$> promptName ui "Enter name"
namedesc username validateName
- kek <- getkek name
+ kek <- promptkek name
let esk = encrypt tunables kek secretkey
let sis = shardIdents tunables name secretkeysource
shards <- genShards esk tunables
print =<< mapM (uncurry (storeShard localFiles)) (zip (getIdents sis) shards)
print =<< obscureShards localFiles
where
- getkek name = do
+ promptkek name = do
password <- fromMaybe (error "Aborting on no password")
<$> promptPassword ui True "Enter password" passworddesc
kek <- genKeyEncryptionKey tunables name password
username <- userName
let badwords = concatMap namewords [name, username]
- let crackcost = estimateAttack spotAWS $
+ let crackcost = estimateAttackCost spotAWS $
estimateBruteforceOf kek $
passwordEntropy password badwords
- ok <- promptQuestion ui "Password strength estimate" $
- show crackcost
- if ok
- then return kek
- else getkek name
+ let mincost = Dollars 100000
+ if crackcost < mincost
+ then do
+ showError ui $ "Weak password! It would cost less than " ++ show mincost ++ " to crack the password. Please think of a better one. More words would be good.."
+ promptkek name
+ else do
+ (thisyear, _, _) <- toGregorian . utctDay
+ <$> getCurrentTime
+ ok <- promptQuestion ui "Password strength estimate"
+ (crackdesc crackcost thisyear)
+ "Is your password strong enough?"
+ if ok
+ then return kek
+ else promptkek name
namewords (Name nb) = words (BU8.toString nb)
namedesc = unlines
[ "To back up your secret key, you will need to enter a name and a password."
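Review bot: The only enforced floor on password strength is `crackcost < mincost`, which compares the present-day estimate against a literal `Dollars 100000` defined inline in `promptkek`; anything above it is left to the user's answer to "Is your password strong enough?". The same branch then shows a per-year table from `costOverTime`, and the prompt text says the password must hold for years, so a password that just clears the floor today may fall below it during the backup's lifetime (assuming `costOverTime` projects a declining cost, which is not visible here). Consider applying the floor to a projected year instead of today's figure, and moving the threshold out of the `where` clause so it is reviewed alongside the other security parameters. At minimum, add a comment such as `-- minimum acceptable crack cost, in present-day dollars at spotAWS pricing`. `backup` begins above this hunk, so the shape of `tunables` is not shown.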
@@ -121,6 +132,10 @@ backup ui tunables secretkeysource secretkey = do
, "And, it needs to be one that you will be able to remember years from now"
, "in order to restore your secret key."
]
+ crackdesc crackcost thisyear = unlines $
+ "Rough estimate of the cost to crack your password: " :
+ map (\(c, y) -> " " ++ show y ++ ":\t" ++ show c)
+ (costOverTime crackcost thisyear)
restore :: UI -> SecretKeySource -> IO ()
restore ui secretkeydest = do
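Review bot: `crackdesc` builds user-facing text with `show c` and `show y`, and the weak-password message earlier in this commit does the same with `show mincost`, so what the user reads depends on the `Show` instance of the cost type, which is not visible here. If that instance is derived, the figure is printed with its constructor name, which makes the estimate harder to read just when the user is asked to judge it. A dedicated formatting function for the cost type would keep the display independent of `Show`. A one-line comment on `crackdesc` would also help, e.g. `-- one line per projected year, from the (cost, year) pairs of costOverTime`.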