Improving the encryption of the shared key by adding a salt.

etnt · Mar 13, 2009 · 3d66ae4 · 3d66ae4
1 parent 45f446e
commit 3d66ae4
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 3 deletions.
diff --git a/ebin/ehotp.app b/ebin/ehotp.app
@@ -3,7 +3,8 @@
   [{description, "Erlang Hash based One Time Password system."},
    {vsn, "0.1.0"},
    {mod, {ehotp_app, []}},
-   {env, [{backend, ehotp_ets}    % ehotp_(ets | mnesia | couchdb)
+   {env, [{backend, ehotp_ets}                  % ehotp_(ets | mnesia | couchdb)
+          ,{salt, "guard this with your life"}  % used to encrypt the shared keys
          ]},
    {modules, [ehotp
               ,ehotp_app

diff --git a/src/ehotp.erl b/src/ehotp.erl
@@ -100,8 +100,13 @@ generate_random_key() ->
 %%% @doc Encrypt (lock) the key using the Pin code.    
 %%%
 lock_key(Pin, Key) when is_binary(Key) -> 
-    Pin2 = Pin*Pin*Pin,
-    PinB = crypto:sha_mac(<<Pin:16>>, <<Pin2:32>>),
+    Salt = integer_to_list(Pin*Pin) ++ ehotp_app:get_env(salt, ""),
+    lock_key(Pin, Key, list_to_binary(Salt)).
+
+lock_key(Pin, Key, Salt) when is_list(Salt) -> 
+    lock_key(Pin, Key, list_to_binary(Salt));
+lock_key(Pin, Key, Salt) when is_binary(Key), is_binary(Salt) -> 
+    PinB = crypto:sha_mac(<<Pin:16>>, <<Salt/binary>>),
     crypto:exor(PinB, Key).
 
 %%% @doc Decrypt (unlock) the key using the Pin code.