diff --git a/README.md b/README.md
index fef6c28..12ecd26 100644
--- a/README.md
+++ b/README.md
@@ -47,9 +47,9 @@ You can bookmark the URL https://oneshallpass.com/#email=you@email.com
Try [this handy tool][pp], also distributed as part of this project.
-### Why shouldn't I dial up the security parameter to 10 or 16?
+### Why shouldn't I dial up the security parameter to 16?
-You might want to use 1SP on your phone, and it's way slower at
+You might want to use 1SP on your phone, and it's slower at
computing passwords than your desktop is.
### "One Shall Pass", is that a reference to Lord of the Rings?
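Review bot: In the reworded answer under "Why shouldn't I dial up the security parameter to 16?", replacing "way slower" with "slower" leaves the reader with no sense of scale. If the security parameter is the exponent in the 2^10 HMAC-SHA512 calls quoted for the default setting later in this README, then 16 means 64 times the work of the default. Suggest saying so here, and stating the new default explicitly now that "10" has been dropped from the heading.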
@@ -120,9 +120,9 @@ of work in either case.
If you use the [suggested passphrase
generation tool][pp], and the default security setting, your password will
-require in expectation 2^(58+8-1) = 2^65 calls to HMAC-SHA512 to crack. That
-is, the passphrase generator gives 58 bits of entropy, 1SP's use of PBKDF-2
-consumes 2^8 calls to HMAC-SHA512 to turn a passphrase into a derived key,
+require in expectation 2^(72+10-1) = 2^81 calls to HMAC-SHA512 to crack. That
+is, the passphrase generator gives 72 bits of entropy, 1SP's use of PBKDF-2
+consumes 2^10 calls to HMAC-SHA512 to turn a passphrase into a derived key,
but on average, a cracker only needs to exhaust half of the search space to
find your passphase (hence the 2^(-1) factor). The obvious way to compute
HMAC-SHA512 requires two invocations of SHA2, but I have not seen a proof that
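Review bot: The new "72 bits of entropy" in the line "the passphrase generator gives 72 bits of entropy" is stated without the passphrase length it corresponds to. The later section quotes 87 bits for 6 words, which is 14.5 bits per word and would put 5 words at 72.5 bits. Suggest naming the default word count next to the 72 so the 2^(72+10-1) = 2^81 figure can be checked against the generator's setting. The unchanged context line still reads "passphase"; worth fixing in the same change.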
@@ -134,16 +134,15 @@ the cost of computing a hash. After all, an adversary can either
spend cycles mining bitcoins or cracking your passphrase. So cracking
your passphrase has a quantifiable opportunity cost.
-As of 7 Feb 2013, the Bitcoin difficulty rate is
-3,275,465, meaning it takes 2^32*3275465 hashes on average to
-get a Bitcoin unit, which is 50 Bitcoins, each of which is worth
-about $21.75 dollars. So a conservative estimate is that a call to
-SHA2 costs about 50*21.75/(2^32*3275465) dollars, or roughly 2^(-43.6) dollars.
-So your password will require 2^(65-43.6) or roughly $2.7 million
-to crack.
+As of 7 May 2020, the Bitcoin difficulty rate is
+16,104,807,485,529, meaning it takes 2^32*16104807485529 hashes on average to
+get a Bitcoin unit, which is 12.5 Bitcoins, each of which is worth
+about $9,447 dollars. So a conservative estimate is that a call to
+SHA2 costs about 12.5\*9447/(2^32\*16104807485529) dollars, or roughly 2^(-59.0) dollars.
+So your password will require 2^(81-59) or roughly $4.2 million to crack.
-If you want better security, you can choose a 5-word passphrase,
-which conservatively costs about $34 billion to crack.
+If you want better security, you can choose a 6-word passphrase (i.e. 87 bits
+of entropy), which conservatively costs about $550 billion to crack.
### Why not `bcrypt` or `scrypt`?
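Review bot: The "$550 billion" figure for the 6-word passphrase does not follow from the formula used just above it. With 87 bits of entropy the same calculation gives 2^(87+10-1-59) = 2^37 dollars, about $137 billion, while $550 billion is roughly 2^39. Either correct the number or show the derivation that produces it. The per-hash cost of 2^(-59.0) and the $4.2 million (2^22) result do check out against the stated difficulty, reward and price. Two smaller points in the added lines: the escaped "\*" in "12.5\*9447/(2^32\*16104807485529)" is inconsistent with the unescaped "2^32*16104807485529" a few lines earlier, and "$9,447 dollars" states the unit twice.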
diff --git a/extension/html/index.html b/extension/html/index.html
index 96b3805..c760c10 100644
--- a/extension/html/index.html
+++ b/extension/html/index.html
@@ -125,9 +125,9 @@
-
+
-
+
diff --git a/html/index.html b/html/index.html
index dbbf847..e7a6308 100644
--- a/html/index.html
+++ b/html/index.html
@@ -140,9 +140,9 @@
-
+
-
+