What should $m$ be set to in practice? Can we derive $m$ from a bound on how much attacker hashpower there is and a failure probablity?