From 13c408d2295597540f0b2dfb6f7b86e739876c90 Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Mon, 12 Sep 2016 22:35:47 -0400 Subject: implement client-server Proof Of Work Mashed up a argon2-based PoW with token buckets and bloom filters. This is intended to prevent a few abuses including: * Using a keysafe server for general file storage, by storing a whole lot of chunks. * An attacker guessing names that people will use, and uploading junk to keysafe servers under those names, to make it harder for others to use keysafe later. * An attacker trying to guess the names used for objects on keysafe servers in order to download them and start password cracking. (As a second level of defense, since the name generation hash is expensive already.) Completely untested, but it builds! This commit was sponsored by Andreas on Patreon. --- Tunables.hs | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) (limited to 'Tunables.hs') diff --git a/Tunables.hs b/Tunables.hs index d7e5ac7..1d087bf 100644 --- a/Tunables.hs +++ b/Tunables.hs @@ -9,6 +9,7 @@ module Tunables where import Cost import qualified Crypto.Argon2 as Argon2 +import Data.Word -- | To determine the tunables used for a key name the expensive hash of the -- name is calculated, using a particular configuration, and if the @@ -139,3 +140,19 @@ knownObjectSizes :: [Int] knownObjectSizes = map (calc . snd) knownTunings where calc t = objectSize t * shareOverhead t + +-- Hash for client-server Proof Of Work. This is tuned to take around +-- 4 seconds to calculate the hash on a 4 core machine, with 0 added +-- iterations. Adding more iterations will increase that somewhat. +-- +-- This is not included in Tunables because it doesn't affect object +-- encryption and storage. +proofOfWorkHashTunable :: Word32 -> ExpensiveHashTunable +proofOfWorkHashTunable addits = + UseArgon2 (CPUCost (Seconds (4 + (4 * fromIntegral addits `div` 20))) (Divisibility 4)) $ + Argon2.HashOptions + { Argon2.hashIterations = 20 + addits + , Argon2.hashMemory = 131072 -- 128 mebibtyes per thread + , Argon2.hashParallelism = 4 + , Argon2.hashVariant = Argon2.Argon2i + } -- cgit v1.2.3