Browse Source

Revert "Parameterize and lower bcrypt cost"

This reverts commit dfc4cdd2d7.
pull/1782/head
Ethan Buchman 7 years ago
parent
commit
87badb090f
1 changed files with 2 additions and 16 deletions
  1. +2
    -16
      keys/cryptostore/encoder.go

+ 2
- 16
keys/cryptostore/encoder.go View File

@ -7,20 +7,6 @@ import (
"github.com/tendermint/go-crypto/bcrypt"
)
const (
// BcryptCost is as parameter to increase the resistance of the
// encoded keys to brute force password guessing
//
// Jae: 14 is good today (2016)
//
// Ethan: loading the key (at each signing) takes a second on my desktop,
// this is hard for laptops and deadly for mobile. You can raise it again,
// but for now, I will make this usable
//
// TODO: review value
BCryptCost = 12
)
var (
// SecretBox uses the algorithm from NaCL to store secrets securely
SecretBox Encoder = secretbox{}
@ -44,7 +30,7 @@ func (e secretbox) Encrypt(privKey crypto.PrivKey, passphrase string) (saltBytes
}
saltBytes = crypto.CRandBytes(16)
key, err := bcrypt.GenerateFromPassword(saltBytes, []byte(passphrase), BCryptCost)
key, err := bcrypt.GenerateFromPassword(saltBytes, []byte(passphrase), 14) // TODO parameterize. 14 is good today (2016)
if err != nil {
return nil, nil, errors.Wrap(err, "Couldn't generate bcrypt key from passphrase.")
}
@ -58,7 +44,7 @@ func (e secretbox) Decrypt(saltBytes []byte, encBytes []byte, passphrase string)
// NOTE: Some keys weren't encrypted with a passphrase and hence we have the conditional
if passphrase != "" {
var key []byte
key, err = bcrypt.GenerateFromPassword(saltBytes, []byte(passphrase), BCryptCost)
key, err = bcrypt.GenerateFromPassword(saltBytes, []byte(passphrase), 14) // TODO parameterize. 14 is good today (2016)
if err != nil {
return crypto.PrivKey{}, errors.Wrap(err, "Invalid Passphrase")
}


Loading…
Cancel
Save