From 785a4c17686b2248a4c27e61564604a3999e9c22 Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Thu, 11 Aug 2016 23:50:56 -0400 Subject: disable decryption puzzle, at least for now It only adds 1 minute GPU time to each crack attempt, on top of the 10 minutes CPU time needed to argon2 the password. Since my implementation of the AES puzzle is currently really slow, this is not worth it. Will revisit when I have a faster AES library to use, or a better puzzle. --- Tunables.hs | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) (limited to 'Tunables.hs') diff --git a/Tunables.hs b/Tunables.hs index 1ecccf6..0053668 100644 --- a/Tunables.hs +++ b/Tunables.hs @@ -69,12 +69,11 @@ defaultTunables = Tunables , objectSize = 1024*64 -- 64 kb , expensiveHashTunable = UseArgon2 argonoptions argoncost , encryptionTunable = UseAES256 - -- AES can be calculated more efficiently by a GPU, so the - -- cost is a GPU cost. - -- This is set to only 1 minute because GPUs are quite a lot - -- faster than CPUs at AES, and so setting it higher would make - -- clients too slow at key recovery. - , decryptionPuzzleTunable = KeyBlindingLeftSide (GPUCost (Seconds 60)) + -- Setting this to eg, Seconds 60 only makes each password + -- guess 60 seconds longer on a GPU. But, on a CPU, keysafe + -- has to work for quite a long time to solve such a puzzle. + -- So, currently disabling the puzzle with Seconds 0. + , decryptionPuzzleTunable = KeyBlindingLeftSide (GPUCost (Seconds 0)) } where argonoptions = Argon2.HashOptions @@ -96,7 +95,7 @@ testModeTunables = Tunables , objectSize = 1024*64 , expensiveHashTunable = UseArgon2 weakargonoptions argoncost , encryptionTunable = UseAES256 - , decryptionPuzzleTunable = KeyBlindingLeftSide (GPUCost (Seconds 1)) + , decryptionPuzzleTunable = KeyBlindingLeftSide (GPUCost (Seconds 0)) } where UseArgon2 argonoptions argoncost = expensiveHashTunable defaultTunables -- cgit v1.2.3