From 2ac09d3d88bcd1dc28449eec685dbd000dca7b57 Mon Sep 17 00:00:00 2001
From: Henri <3359083+sternhenri@users.noreply.github.com>
Date: Thu, 7 May 2020 11:02:32 -0400
Subject: [PATCH 1/2] Updating for ASIC and other advances

Yikes... 7 crypto-years is a long time.
---
 README.md | 19 +++++++++----------
 1 file changed, 9 insertions(+), 10 deletions(-)

diff --git a/README.md b/README.md
index fef6c28..bf755b8 100644
--- a/README.md
+++ b/README.md
@@ -134,16 +134,15 @@ the cost of computing a hash.  After all, an adversary can either
 spend cycles mining bitcoins or cracking your passphrase.  So cracking
 your passphrase has a quantifiable opportunity cost.
 
-As of 7 Feb 2013, the Bitcoin difficulty rate is
-3,275,465, meaning it takes 2^32*3275465 hashes on average to
-get a Bitcoin unit, which is 50 Bitcoins, each of which is worth
-about $21.75 dollars.  So a conservative estimate is that a call to
-SHA2 costs about 50*21.75/(2^32*3275465) dollars, or roughly 2^(-43.6) dollars.
-So your password will require 2^(65-43.6) or roughly $2.7 million
-to crack.
-
-If you want better security, you can choose a 5-word passphrase,
-which conservatively costs about $34 billion to crack.
+As of 7 May 2020, the Bitcoin difficulty rate is
+16,104,807,485,529, meaning it takes 2^32*16104807485529 hashes on average to
+get a Bitcoin unit, which is 12.5 Bitcoins, each of which is worth
+about $9,447 dollars.  So a conservative estimate is that a call to
+SHA2 costs about 12.5\*9447/(2^32\*16104807485529) dollars, or roughly 2^(-59.0) dollars.
+So your password will require 2^(65-59) or roughly $64 to crack.
+
+If you want better security, you can choose a 5-word passphrase (i.e. 72 bits
+of entropy), which conservatively costs about $1 million to crack.
 
 ### Why not `bcrypt` or `scrypt`?
 

From 937a4ee30018ab8ab56013c84e383f4e88100248 Mon Sep 17 00:00:00 2001
From: Henri S <sternhenri@users.noreply.github.com>
Date: Thu, 7 May 2020 11:35:39 -0400
Subject: [PATCH 2/2] update security defaults for 2020 standards

---
 README.md                 | 16 ++++++++--------
 extension/html/index.html |  4 ++--
 html/index.html           |  4 ++--
 3 files changed, 12 insertions(+), 12 deletions(-)

diff --git a/README.md b/README.md
index bf755b8..12ecd26 100644
--- a/README.md
+++ b/README.md
@@ -47,9 +47,9 @@ You can bookmark the URL https://oneshallpass.com/#email=you@email.com
 
 Try [this handy tool][pp], also distributed as part of this project.
 
-### Why shouldn't I dial up the security parameter to 10 or 16?
+### Why shouldn't I dial up the security parameter to 16?
 
-You might want to use 1SP on your phone, and it's way slower at
+You might want to use 1SP on your phone, and it's slower at
 computing passwords than your desktop is.
 
 ### "One Shall Pass", is that a reference to Lord of the Rings?
@@ -120,9 +120,9 @@ of work in either case.
 
 If you use the [suggested passphrase
 generation tool][pp], and the default security setting, your password will
-require in expectation 2^(58+8-1) = 2^65 calls to HMAC-SHA512 to crack. That
-is, the passphrase generator gives 58 bits of entropy, 1SP's use of PBKDF-2
-consumes 2^8 calls to HMAC-SHA512 to turn a passphrase into a derived key,
+require in expectation 2^(72+10-1) = 2^81 calls to HMAC-SHA512 to crack. That
+is, the passphrase generator gives 72 bits of entropy, 1SP's use of PBKDF-2
+consumes 2^10 calls to HMAC-SHA512 to turn a passphrase into a derived key,
 but on average, a cracker only needs to exhaust half of the search space to
 find your passphase (hence the 2^(-1) factor).  The obvious way to compute
 HMAC-SHA512 requires two invocations of SHA2, but I have not seen a proof that
@@ -139,10 +139,10 @@ As of 7 May 2020, the Bitcoin difficulty rate is
 get a Bitcoin unit, which is 12.5 Bitcoins, each of which is worth
 about $9,447 dollars.  So a conservative estimate is that a call to
 SHA2 costs about 12.5\*9447/(2^32\*16104807485529) dollars, or roughly 2^(-59.0) dollars.
-So your password will require 2^(65-59) or roughly $64 to crack.
+So your password will require 2^(81-59) or roughly $4.2 million to crack.
 
-If you want better security, you can choose a 5-word passphrase (i.e. 72 bits
-of entropy), which conservatively costs about $1 million to crack.
+If you want better security, you can choose a 6-word passphrase (i.e. 87 bits
+of entropy), which conservatively costs about $550 billion to crack.
 
 ### Why not `bcrypt` or `scrypt`?
 
diff --git a/extension/html/index.html b/extension/html/index.html
index 96b3805..c760c10 100644
--- a/extension/html/index.html
+++ b/extension/html/index.html
@@ -125,9 +125,9 @@
                       <option value="5">2^5</option>
                       <option value="6">2^6</option>
                       <option value="7">2^7</option>
-                      <option value="8" selected="selected">2^8</option>
+                      <option value="8">2^8</option>
                       <option value="9">2^9</option>
-                      <option value="10">2^10</option>
+                      <option value="10" selected="selected">2^10</option>
                       <option value="11">2^11</option>
                       <option value="12">2^12</option>
                       <option value="13">2^13</option>
diff --git a/html/index.html b/html/index.html
index dbbf847..e7a6308 100644
--- a/html/index.html
+++ b/html/index.html
@@ -140,9 +140,9 @@
                     <option value="5">2^5</option>
                     <option value="6">2^6</option>
                     <option value="7">2^7</option>
-                    <option value="8" selected="selected">2^8</option>
+                    <option value="8">2^8</option>
                     <option value="9">2^9</option>
-                    <option value="10">2^10</option>
+                    <option value="10" selected="selected">2^10</option>
                     <option value="11">2^11</option>
                     <option value="12">2^12</option>
                     <option value="13">2^13</option>