
Improving the encryption of the shared key by adding a salt.

1 parent 45f446e commit 3d66ae4940cdecb6d19a83601eac0d90655548dd Torbjorn Tornkvist committed Mar 13, 2009
Showing with 9 additions and 3 deletions.
  1. +2 −1 ebin/ehotp.app
  2. +7 −2 src/ehotp.erl
@@ -3,7 +3,8 @@
[{description, "Erlang Hash based One Time Password system."},
{vsn, "0.1.0"},
{mod, {ehotp_app, []}},
- {env, [{backend, ehotp_ets} % ehotp_(ets | mnesia | couchdb)
+ {env, [{backend, ehotp_ets} % ehotp_(ets | mnesia | couchdb)
+ ,{salt, "guard this with your life"} % used to encrypt the shared keys
]},
{modules, [ehotp
,ehotp_app
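Review bot: The `salt` entry added to `env` is a literal committed with the application file, so every install that keeps this default shares one publicly known value, and the lookup in src/ehotp.erl (`ehotp_app:get_env(salt, "")`) appears to fall back to an empty string when the entry is missing. Since the comment says the value must be guarded, ship a placeholder that has to be overridden per deployment and have the lookup fail rather than default to `""`. Changing the value after keys have been stored presumably makes the existing locked keys unrecoverable, so the comment could say so: `% secret; set per deployment, do not change once keys are stored`.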
@@ -100,8 +100,13 @@ generate_random_key() ->
%%% @doc Encrypt (lock) the key using the Pin code.
%%%
lock_key(Pin, Key) when is_binary(Key) ->
- Pin2 = Pin*Pin*Pin,
- PinB = crypto:sha_mac(<<Pin:16>>, <<Pin2:32>>),
+ Salt = integer_to_list(Pin*Pin) ++ ehotp_app:get_env(salt, ""),
+ lock_key(Pin, Key, list_to_binary(Salt)).
+
+lock_key(Pin, Key, Salt) when is_list(Salt) ->
+ lock_key(Pin, Key, list_to_binary(Salt));
+lock_key(Pin, Key, Salt) when is_binary(Key), is_binary(Salt) ->
+ PinB = crypto:sha_mac(<<Pin:16>>, <<Salt/binary>>),
crypto:exor(PinB, Key).
%%% @doc Decrypt (unlock) the key using the Pin code.
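Review bot: The mask computed in `lock_key/3` depends only on the PIN and the application-wide salt, so every key locked under the same PIN is XORed with the identical `PinB`, and reusing one mask across records weakens the XOR step. Consider having the caller generate a random per-key salt, pass it through the new `lock_key/3` and store it next to the locked key, keeping the configured value as an additional secret. `<<Pin:16>>` still keeps only the low 16 bits of the PIN, so larger PINs collide; a guard such as `when is_integer(Pin), Pin >= 0, Pin < 65536` would make that limit explicit. `lock_key/3` also has no `@doc`; something like `%%% @doc Lock the key with the Pin and an explicit salt (list or binary).` would help. The unlock path lies outside this hunk and presumably needs the same salt to stay symmetric.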
