Improving the encryption of the shared key by adding a salt.

Torbjorn Tornkvist · Torbjorn Tornkvist · commit 3d66ae4940cd · 2009-03-13T14:56:06.000+01:00
diff --git a/ebin/ehotp.app b/ebin/ehotp.app
@@ -3,7 +3,8 @@
   [{description, "Erlang Hash based One Time Password system."},
    {vsn, "0.1.0"},
    {mod, {ehotp_app, []}},
-   {env, [{backend, ehotp_ets}    % ehotp_(ets | mnesia | couchdb)
+   {env, [{backend, ehotp_ets}                  % ehotp_(ets | mnesia | couchdb)
+          ,{salt, "guard this with your life"}  % used to encrypt the shared keys
          ]},
    {modules, [ehotp
               ,ehotp_app
diff --git a/src/ehotp.erl b/src/ehotp.erl
@@ -100,8 +100,13 @@ generate_random_key() ->
 %%% @doc Encrypt (lock) the key using the Pin code.    
 %%%
 lock_key(Pin, Key) when is_binary(Key) -> 
-    Pin2 = Pin*Pin*Pin,
-    PinB = crypto:sha_mac(<<Pin:16>>, <<Pin2:32>>),
+    Salt = integer_to_list(Pin*Pin) ++ ehotp_app:get_env(salt, ""),
+    lock_key(Pin, Key, list_to_binary(Salt)).
+
+lock_key(Pin, Key, Salt) when is_list(Salt) -> 
+    lock_key(Pin, Key, list_to_binary(Salt));
+lock_key(Pin, Key, Salt) when is_binary(Key), is_binary(Salt) -> 
+    PinB = crypto:sha_mac(<<Pin:16>>, <<Salt/binary>>),
     crypto:exor(PinB, Key).
 
 %%% @doc Decrypt (unlock) the key using the Pin code.    
