diff options
| -rw-r--r-- | Tunables.hs | 13 | ||||
| -rw-r--r-- | keysafe.hs | 2 |
2 files changed, 8 insertions, 7 deletions
diff --git a/Tunables.hs b/Tunables.hs index 1ecccf6..0053668 100644 --- a/Tunables.hs +++ b/Tunables.hs @@ -69,12 +69,11 @@ defaultTunables = Tunables , objectSize = 1024*64 -- 64 kb , expensiveHashTunable = UseArgon2 argonoptions argoncost , encryptionTunable = UseAES256 - -- AES can be calculated more efficiently by a GPU, so the - -- cost is a GPU cost. - -- This is set to only 1 minute because GPUs are quite a lot - -- faster than CPUs at AES, and so setting it higher would make - -- clients too slow at key recovery. - , decryptionPuzzleTunable = KeyBlindingLeftSide (GPUCost (Seconds 60)) + -- Setting this to eg, Seconds 60 only makes each password + -- guess 60 seconds longer on a GPU. But, on a CPU, keysafe + -- has to work for quite a long time to solve such a puzzle. + -- So, currently disabling the puzzle with Seconds 0. + , decryptionPuzzleTunable = KeyBlindingLeftSide (GPUCost (Seconds 0)) } where argonoptions = Argon2.HashOptions @@ -96,7 +95,7 @@ testModeTunables = Tunables , objectSize = 1024*64 , expensiveHashTunable = UseArgon2 weakargonoptions argoncost , encryptionTunable = UseAES256 - , decryptionPuzzleTunable = KeyBlindingLeftSide (GPUCost (Seconds 1)) + , decryptionPuzzleTunable = KeyBlindingLeftSide (GPUCost (Seconds 0)) } where UseArgon2 argonoptions argoncost = expensiveHashTunable defaultTunables @@ -57,6 +57,8 @@ retrievedemo = do hFlush stdout case decrypt kek esk of -- TODO: verify checksum to avoid false positives + -- (It's working without it only because the + -- decryption puzzle is currently disabled.) Just (SecretKey sk) -> print sk Nothing -> go esk rest |