From d21ab4efc546bb081324ea942a8c2e5336ac291e Mon Sep 17 00:00:00 2001 From: Christopher Goes Date: Wed, 13 Feb 2019 15:36:03 +0100 Subject: [PATCH] Add justification on security parameter choice --- crypto/keys/mintkey/README.md | 12 ++++++++++++ crypto/keys/mintkey/mintkey.go | 2 +- 2 files changed, 13 insertions(+), 1 deletion(-) diff --git a/crypto/keys/mintkey/README.md b/crypto/keys/mintkey/README.md index 38da0fbe7f08..ca3d4c21cff7 100644 --- a/crypto/keys/mintkey/README.md +++ b/crypto/keys/mintkey/README.md @@ -1,3 +1,15 @@ +Security parameter choice +------------------------- + +The present Bcrypt security parameter used is 12, which should take about a quarter of a second on midrange consumer hardware (see [Benchmarking](#benchmarking) section below). + +For some background into security parameter considerations, see [here](https://auth0.com/blog/hashing-in-action-understanding-bcrypt/) and [here](https://security.stackexchange.com/questions/3959/recommended-of-iterations-when-using-pkbdf2-sha256/3993#3993). + +Given our security model, where an attacker would need to already have access to a victim's computer and copy the `~/.gaiacli` directory (as opposed to e.g. web authentication), this parameter choice seems sufficient for the time being. + +Benchmarking +------------ + To run Bcrypt benchmarks: ```bash diff --git a/crypto/keys/mintkey/mintkey.go b/crypto/keys/mintkey/mintkey.go index 3b06415e2e4d..11743013a537 100644 --- a/crypto/keys/mintkey/mintkey.go +++ b/crypto/keys/mintkey/mintkey.go @@ -34,7 +34,7 @@ const ( // variables in runtime), one can cause the user to sign a different tx // than what they see, which is a significantly cheaper attack then breaking // a bcrypt hash. (Recall that the nonce still exists to break rainbow tables) -// TODO: Consider increasing default +// For further notes on security parameter choice, see README.md var BcryptSecurityParameter = 12 //-----------------------------------------------------------------