diff --git a/keys/cryptostore/encoder.go b/keys/cryptostore/encoder.go
index 99241f1b7..31f49c3f7 100644
--- a/keys/cryptostore/encoder.go
+++ b/keys/cryptostore/encoder.go
@@ -7,20 +7,6 @@ import (
 	"github.com/tendermint/go-crypto/bcrypt"
 )
 
-const (
-	// BcryptCost is as parameter to increase the resistance of the
-	// encoded keys to brute force password guessing
-	//
-	// Jae: 14 is good today (2016)
-	//
-	// Ethan: loading the key (at each signing) takes a second on my desktop,
-	// this is hard for laptops and deadly for mobile. You can raise it again,
-	// but for now, I will make this usable
-	//
-	// TODO: review value
-	BCryptCost = 12
-)
-
 var (
 	// SecretBox uses the algorithm from NaCL to store secrets securely
 	SecretBox Encoder = secretbox{}
@@ -44,7 +30,7 @@ func (e secretbox) Encrypt(privKey crypto.PrivKey, passphrase string) (saltBytes
 	}
 
 	saltBytes = crypto.CRandBytes(16)
-	key, err := bcrypt.GenerateFromPassword(saltBytes, []byte(passphrase), BCryptCost)
+	key, err := bcrypt.GenerateFromPassword(saltBytes, []byte(passphrase), 14) // TODO parameterize.  14 is good today (2016)
 	if err != nil {
 		return nil, nil, errors.Wrap(err, "Couldn't generate bcrypt key from passphrase.")
 	}
@@ -58,7 +44,7 @@ func (e secretbox) Decrypt(saltBytes []byte, encBytes []byte, passphrase string)
 	// NOTE: Some keys weren't encrypted with a passphrase and hence we have the conditional
 	if passphrase != "" {
 		var key []byte
-		key, err = bcrypt.GenerateFromPassword(saltBytes, []byte(passphrase), BCryptCost)
+		key, err = bcrypt.GenerateFromPassword(saltBytes, []byte(passphrase), 14) // TODO parameterize.  14 is good today (2016)
 		if err != nil {
 			return crypto.PrivKey{}, errors.Wrap(err, "Invalid Passphrase")
 		}