discipl / core

Discipl Core
GNU General Public License v3.0

Replace HMAC with alternative that better reflects usage #10

Closed pimotte closed 4 years ago

pimotte commented 5 years ago

The current usage of HMAC to generate a link string is a little bit misleading, since ssid.did is not actually meant to be secret. My suggestion would be to replace it with something like a progressive sha-256 hash.

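// Assumes the crypto-js package, with data and ssid already in scope.
var CryptoJS = require('crypto-js');
var sha256 = CryptoJS.algo.SHA256.create(); // incremental (progressive) hasher
sha256.update(data);
sha256.update(ssid.did);
var hash = sha256.finalize(); // WordArray; hash.toString() gives the hex digest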

This would also result in a string that can be derived by having the ssid and data.
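Added example, not part of the original comment or of Discipl Core: a progressive hash over `data` then `ssid.did` is the hash of their plain concatenation, so two different (data, did) pairs with the same concatenation derive the same link, and length-prefixing each field removes that ambiguity. It assumes Node's built-in `crypto` in place of CryptoJS; the function names `linkConcat` and `linkFramed` and the sample values are hypothetical.

```javascript
// Added example: Node's built-in crypto stands in for CryptoJS so this runs offline.
const { createHash } = require('node:crypto');

// Progressive hash as proposed in the issue: update(data), then update(did).
// Equivalent to SHA-256 over the plain concatenation data || did.
function linkConcat(data, did) {
  const h = createHash('sha256');
  h.update(data, 'utf8');
  h.update(did, 'utf8');
  return h.digest('hex');
}

// Hypothetical variant: each field is preceded by its byte length
// (4 bytes, big-endian), so the field boundary is part of the hashed input.
function linkFramed(data, did) {
  const h = createHash('sha256');
  for (const field of [data, did]) {
    const bytes = Buffer.from(field, 'utf8');
    const len = Buffer.alloc(4);
    len.writeUInt32BE(bytes.length);
    h.update(len);
    h.update(bytes);
  }
  return h.digest('hex');
}

// Constructed sample values, not real Discipl identifiers.
// Both pairs concatenate to the same string: "claim-1did:example:abc".
const sampleA = { data: 'claim-1', did: 'did:example:abc' };
const sampleB = { data: 'claim-1did:', did: 'example:abc' };

// Plain concatenation: the two distinct pairs produce the same link.
console.log('concat links equal:',
  linkConcat(sampleA.data, sampleA.did) === linkConcat(sampleB.data, sampleB.did));

// Length-prefixed: the two pairs produce different links.
console.log('framed links equal:',
  linkFramed(sampleA.data, sampleA.did) === linkFramed(sampleB.data, sampleB.did));
```

Both variants remain derivable by anyone holding the data and the DID, which is the property the comment asks for.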

bkaptijn commented 5 years ago

Note, this is related to #5

pimotte commented 4 years ago

Was fixed at some point.