Add justification on security parameter choice

sushmitsarmah · Feb 13, 2019 · d21ab4e · d21ab4e
1 parent 4f5ad4f
commit d21ab4e
Show file tree

Hide file tree

Showing 2 changed files with 13 additions and 1 deletion.
diff --git a/crypto/keys/mintkey/README.md b/crypto/keys/mintkey/README.md
@@ -1,3 +1,15 @@
+Security parameter choice
+-------------------------
+
+The present Bcrypt security parameter used is 12, which should take about a quarter of a second on midrange consumer hardware (see [Benchmarking](#benchmarking) section below).
+
+For some background into security parameter considerations, see [here](https://auth0.com/blog/hashing-in-action-understanding-bcrypt/) and [here](https://security.stackexchange.com/questions/3959/recommended-of-iterations-when-using-pkbdf2-sha256/3993#3993).
+
+Given our security model, where an attacker would need to already have access to a victim's computer and copy the `~/.gaiacli` directory (as opposed to e.g. web authentication), this parameter choice seems sufficient for the time being.
+
+Benchmarking
+------------
+
 To run Bcrypt benchmarks:
 
 ```bash

diff --git a/crypto/keys/mintkey/mintkey.go b/crypto/keys/mintkey/mintkey.go
@@ -34,7 +34,7 @@ const (
 // variables in runtime), one can cause the user to sign a different tx
 // than what they see, which is a significantly cheaper attack then breaking
 // a bcrypt hash. (Recall that the nonce still exists to break rainbow tables)
-// TODO: Consider increasing default
+// For further notes on security parameter choice, see README.md
 var BcryptSecurityParameter = 12
 
 //-----------------------------------------------------------------