From f215983130428573f83a99628f8e450c2a761f65 Mon Sep 17 00:00:00 2001
From: Christian Grothoff <christian@grothoff.org>
Date: Fri, 5 Apr 2013 11:38:02 +0000
Subject: use SCRYPT - fixing # 2685, needs LATEST libgcrypt (Git from today)

---
 src/nse/gnunet-service-nse.c |  2 +-
 src/nse/nse.conf.in          | 23 +++++++++++++++++------
 src/nse/perf_kdf.c           |  2 +-
 3 files changed, 19 insertions(+), 8 deletions(-)

diff --git a/src/nse/gnunet-service-nse.c b/src/nse/gnunet-service-nse.c
index 2b7b3f8ee..d427602d1 100644
--- a/src/nse/gnunet-service-nse.c
+++ b/src/nse/gnunet-service-nse.c
@@ -492,7 +492,7 @@ pow_hash (const void *buf,
 {
   GNUNET_break (0 == 
 		gcry_kdf_derive (buf, buf_len,
-				 GCRY_KDF_PBKDF2 /* FIX: use SCRYPT! */,
+				 GCRY_KDF_SCRYPT,
 				 1 /* subalgo */,
 				 "gnunet-proof-of-work", strlen ("gnunet-proof-of-work"),
 				 2 /* iterations; keep cost of individual op small */,
diff --git a/src/nse/nse.conf.in b/src/nse/nse.conf.in
index 84bbef5c5..64e07945e 100644
--- a/src/nse/nse.conf.in
+++ b/src/nse/nse.conf.in
@@ -11,18 +11,29 @@ UNIX_MATCH_UID = NO
 UNIX_MATCH_GID = YES
 PROOFFILE = $SERVICEHOME/.nse-proof
 
-# The directory where the NSE services logs timestamps everytime a size estime
-# flooding message is received
+# The directory where the NSE services logs timestamps everytime 
+# a size estime flooding message is received
+# This option is only used for benchmarking, not in production.
 HISTOGRAM_DIR = $SERVICEHOME
 
 # How 'slowly' should the proof-of-work be constructed (delay
 # between rounds); sane values between 0 and ~1000.
+# It should rarely make sense to change this value.
+# Only systems with slow CPUs where 5ms is a long time might
+# want it to be reduced.
 WORKDELAY = 5 ms
 
 # Note: changing any of the values below will make this peer
-# completely incompatible with other peers! 
+# completely incompatible with other peers!
+
+# How often do peers exchange network size messages?
+# Note that all peers MUST use the same interval.
+# DO NOT CHANGE THIS VALUE, doing so will break the protocol!
 INTERVAL = 1 h
-# 26 is about 100 minutes on a modern i7 (single-core) for PBKDF2;
-# need to re-calibrate once we have SCRYPT!
-WORKBITS = 26
+
+# 2^22 hash operations take about 2-3h on a modern i7 (single-core)
+# for SCRYPT; with 2ms/op and 5ms workdelay, we can expect
+# the POW calculation to be done by a high-end peer in about 6h
+# DO NOT CHANGE THIS VALUE, doing so will break the protocol!
+WORKBITS = 22
 
diff --git a/src/nse/perf_kdf.c b/src/nse/perf_kdf.c
index e462c129f..fbc846ac2 100644
--- a/src/nse/perf_kdf.c
+++ b/src/nse/perf_kdf.c
@@ -45,7 +45,7 @@ pow_hash (const void *buf,
 {
   GNUNET_break (0 == 
 		gcry_kdf_derive (buf, buf_len,
-				 GCRY_KDF_PBKDF2 /* FIX: use SCRYPT! */,
+				 GCRY_KDF_SCRYPT,
 				 1 /* subalgo */,
 				 "gnunet-proof-of-work", strlen ("gnunet-proof-of-work"),
 				 2 /* iterations; keep cost of individual op small */,
-- 
cgit v1.2.3