fluencelabs/tendermint
1
0
Fork 0
mirror of https://github.com/fluencelabs/tendermint synced 2025-06-03 08:31:20 +00:00
Code Issues Projects Releases Wiki Activity

Revert "Parameterize and lower bcrypt cost"

Browse Source 
This reverts commit dfc4cdd2d71513e4a9922d679c74f36357c4c862.
This commit is contained in:
Ethan Buchman 2017-10-27 21:58:02 -04:00
parent 8630b724b2
commit 87badb090f
1 changed files with 2 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
keys/cryptostore/encoder.go
View File

@ -7,20 +7,6 @@ import (
"github.com/tendermint/go-crypto/bcrypt" "github.com/tendermint/go-crypto/bcrypt"
) )
const (
// BcryptCost is as parameter to increase the resistance of the
// encoded keys to brute force password guessing
//
// Jae: 14 is good today (2016)
//
// Ethan: loading the key (at each signing) takes a second on my desktop,
// this is hard for laptops and deadly for mobile. You can raise it again,
// but for now, I will make this usable
//
// TODO: review value
BCryptCost = 12
)
var ( var (
// SecretBox uses the algorithm from NaCL to store secrets securely // SecretBox uses the algorithm from NaCL to store secrets securely
SecretBox Encoder = secretbox{} SecretBox Encoder = secretbox{}
@ -44,7 +30,7 @@ func (e secretbox) Encrypt(privKey crypto.PrivKey, passphrase string) (saltBytes
} }
saltBytes = crypto.CRandBytes(16) saltBytes = crypto.CRandBytes(16)
key, err := bcrypt.GenerateFromPassword(saltBytes, []byte(passphrase), BCryptCost) key, err := bcrypt.GenerateFromPassword(saltBytes, []byte(passphrase), 14) // TODO parameterize. 14 is good today (2016)
if err != nil { if err != nil {
return nil, nil, errors.Wrap(err, "Couldn't generate bcrypt key from passphrase.") return nil, nil, errors.Wrap(err, "Couldn't generate bcrypt key from passphrase.")
} }
@ -58,7 +44,7 @@ func (e secretbox) Decrypt(saltBytes []byte, encBytes []byte, passphrase string)
// NOTE: Some keys weren't encrypted with a passphrase and hence we have the conditional // NOTE: Some keys weren't encrypted with a passphrase and hence we have the conditional
if passphrase != "" { if passphrase != "" {
var key []byte var key []byte
key, err = bcrypt.GenerateFromPassword(saltBytes, []byte(passphrase), BCryptCost) key, err = bcrypt.GenerateFromPassword(saltBytes, []byte(passphrase), 14) // TODO parameterize. 14 is good today (2016)
if err != nil { if err != nil {
return crypto.PrivKey{}, errors.Wrap(err, "Invalid Passphrase") return crypto.PrivKey{}, errors.Wrap(err, "Invalid Passphrase")
} }