keygen & keymgmt should take --passphrase-time parameters

[cperciva]

Use case: Running tarsnap-keymgmt to create a super-secure encrypted key file because you're going to be printing it out and storing it offline.

Suggested by: Hugo Landau

[cperciva]

See passphrase-time branch.

[cperciva]

See passphrase-time branch.

[gperciva]

note to self: this is not aimed at 1.0.36.

[gperciva]

note to self: this is not aimed at 1.0.36.

[gperciva]

So in lib/keyfile/keyfile.h, it says:

/**
 * keyfile_write(filename, machinenum, keys, passphrase, maxmem, cputime):
 * Write a key file for the specified machine containing the specified keys.
 * If passphrase is non-NULL, use up to cputime seconds and maxmem bytes of
 * memory to encrypt the key file.
 */
int keyfile_write(const char *, uint64_t, int, char *, size_t, double);

I'm not certain how to interpret "use up to" (in computing terms; obviously I understand the English).

With 8a3a352, I see this:

$ time ./tarsnap-keygen --keyfile keys-60.txt --user gperciva@tarsnap.com --machine gin --passphrase-time 60 --passphrased
Enter tarsnap account password: 
Please enter passphrase for keyfile encryption: 
Please confirm passphrase for keyfile encryption: 

real    0m14.500s
user    0m8.607s
sys 0m0.051s

Obviously it took me a bit of time to enter my password and passphrase, so does --passphrase-time have a real interpretation in seconds? or does it stop much sooner than 60 seconds because I didn't specify a large memory limit?

[gperciva]

So in lib/keyfile/keyfile.h, it says:

/**
 * keyfile_write(filename, machinenum, keys, passphrase, maxmem, cputime):
 * Write a key file for the specified machine containing the specified keys.
 * If passphrase is non-NULL, use up to cputime seconds and maxmem bytes of
 * memory to encrypt the key file.
 */
int keyfile_write(const char *, uint64_t, int, char *, size_t, double);

I'm not certain how to interpret "use up to" (in computing terms; obviously I understand the English).

With 8a3a352, I see this:

$ time ./tarsnap-keygen --keyfile keys-60.txt --user gperciva@tarsnap.com --machine gin --passphrase-time 60 --passphrased
Enter tarsnap account password: 
Please enter passphrase for keyfile encryption: 
Please confirm passphrase for keyfile encryption: 

real    0m14.500s
user    0m8.607s
sys 0m0.051s

Obviously it took me a bit of time to enter my password and passphrase, so does --passphrase-time have a real interpretation in seconds? or does it stop much sooner than 60 seconds because I didn't specify a large memory limit?

[cperciva]

"use up to" means that the scrypt code tries to figure out how fast your CPU is and picks parameters which it predicts will use that much time. In this case, it clearly underestimated your CPU performance -- possibly because your CPU was clocked down but sped up one it started being used.

[cperciva]

"use up to" means that the scrypt code tries to figure out how fast your CPU is and picks parameters which it predicts will use that much time. In this case, it clearly underestimated your CPU performance -- possibly because your CPU was clocked down but sped up one it started being used.

[gperciva]

Addressed in PR #38.

[gperciva]

Addressed in PR #38.

[cperciva]

Fixed in 89d0340.

[cperciva]

Fixed in 89d0340.