[erlang-questions] Secure Tokens


Lee Sylvester

Apr 1, 2013, 4:05:47 PM
to erlang-questions@erlang.org Questions
Hey guys,

So, I'd like to create secure tokens in Erlang. This can either be a simple UUID generator which I then store with user credentials or a way to encode a string, such as JSON, as an encrypted token. In Golang, I would do this with fernet, but I need an Erlang solution :-)

I know Erlang isn't best used for such tasks, but does anyone out there know of something usable for this purpose?

Thanks loads,
Lee

Jeremy Ong

Apr 1, 2013, 4:07:56 PM
to Lee Sylvester, erlang-questions@erlang.org Questions
Look at bcrypt or crypto.

Lee Sylvester

Apr 1, 2013, 4:08:47 PM
to Jeremy Ong, erlang-questions@erlang.org Questions
Wow, thank you Jeremy, that was fast!!! Thank you, I will. :-)

Lee

Bob Ippolito

Apr 1, 2013, 4:15:34 PM
to Lee Sylvester, erlang-questions@erlang.org Questions
There's something similar to your requirements in here:


Vladimir Dronnikov

Apr 2, 2013, 1:09:19 AM
to Bob Ippolito, erlang-questions@erlang.org Questions
I drive https://github.com/dvv/termit for this. Feel free to feedback/blame :)

Lee Sylvester

Apr 2, 2013, 1:37:01 AM
to Vladimir Dronnikov, erlang-questions@erlang.org Questions
Wow, a fernet-like impl for Erlang!!! Perfect!!! Thank you very much. This will make my life so much easier :-)

Regards,
Lee

Bob Ippolito

Apr 2, 2013, 1:50:29 AM
to Lee Sylvester, erlang-questions@erlang.org Questions
No reason to celebrate just yet, termit has a broken cryptosystem. Here's two things I noticed after a quick glance:

* The IV is derived from the secret key. The IV must be unpredictable at encryption time in CBC mode. This is VERY VERY bad.
* Verification of the signature isn't constant-time, so it's susceptible to timing attacks. This is still bad, but probably harder to exploit.

It would be unwise to use this implementation. I don't claim that the mochiweb code is perfect, and I'm not a cryptography expert, but I have audited it and I didn't find any obvious flaws (other than the timing attack that I fixed).

Vladimir Dronnikov

Apr 2, 2013, 1:58:51 AM
to Bob Ippolito, erlang-questions@erlang.org Questions
Hi, Bob!
Thank you for the feedback. I am not an expert in the crypto domain, so I wonder if you could help me amend termit's cryptosystem.
TIA,
--Vladimir

Lee Sylvester

Apr 2, 2013, 2:00:06 AM
to Bob Ippolito, erlang-questions@erlang.org Questions
Thanks for the heads up, Bob. Luckily, I simply need to mimic Fernet while my portal interface is being built; then I can scrap my tokening altogether. However, I'll take your points on board for any production impl. I'm sure, tho, that your raised points will help improve Termit.

Regards,
Lee

Lee Sylvester

Apr 2, 2013, 2:01:57 AM
to Vladimir Dronnikov, erlang-questions@erlang.org Questions
Hi Vladimir,

I'd certainly help if I can. I'm no expert, either, but I find offloading handling of token decryption to be useful, especially across unlinked nodes. So, I'm sure others will see the usefulness of this.

Best,
Lee

Bob Ippolito

Apr 2, 2013, 2:29:54 AM
to Vladimir Dronnikov, erlang-questions@erlang.org Questions
If you take a look at the implementation in mochiweb_session, you'll see that it's very similar in structure to termit but the IV is generated with random bytes in encrypt_data/2 and there's an eq/2 function to do constant time comparison of signatures.

If you're interested in learning more about crypto I highly recommend Dan Boneh's class on Coursera https://www.coursera.org/course/crypto
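
The two fixes discussed in this thread (a fresh random IV per token in CBC mode, and a constant-time signature check), as an added example that is not part of the original posts and is not the termit or mochiweb_session code. The module name `token_sketch` and all function names are hypothetical; it assumes OTP 22.1 or later, a 16-byte `EncKey`, and a separate `MacKey`.

```erlang
%% Added example, not termit or mochiweb code. Names are hypothetical.
%% Encrypt-then-MAC token: random IV per token, constant-time tag check.
-module(token_sketch).
-export([seal/3, open/3]).

-define(IV_LEN, 16).   % AES block size in bytes
-define(TAG_LEN, 32).  % HMAC-SHA256 output size in bytes

%% EncKey: 16-byte AES key. MacKey: independent HMAC key. Term: any term.
seal(EncKey, MacKey, Term) ->
    IV = crypto:strong_rand_bytes(?IV_LEN),        % unpredictable, never key-derived
    Plain = pad(term_to_binary(Term)),
    Cipher = crypto:crypto_one_time(aes_128_cbc, EncKey, IV, Plain, true),
    Body = <<IV/binary, Cipher/binary>>,
    Tag = crypto:mac(hmac, sha256, MacKey, Body),  % MAC covers IV and ciphertext
    <<Tag/binary, Body/binary>>.

open(EncKey, MacKey, <<Tag:?TAG_LEN/binary, IV:?IV_LEN/binary, Cipher/binary>>)
  when byte_size(Cipher) > 0, byte_size(Cipher) rem 16 =:= 0 ->
    Expected = crypto:mac(hmac, sha256, MacKey, <<IV/binary, Cipher/binary>>),
    case eq(Tag, Expected) of
        true ->                                    % decrypt only after the tag verifies
            Plain = crypto:crypto_one_time(aes_128_cbc, EncKey, IV, Cipher, false),
            {ok, binary_to_term(unpad(Plain), [safe])};
        false ->
            {error, forged}
    end;
open(_, _, _) ->
    {error, malformed}.

%% Constant-time compare: visits every byte and never exits on first mismatch.
eq(A, B) when byte_size(A) =:= byte_size(B) ->
    eq(A, B, 0);
eq(_, _) -> false.

eq(<<X, RestA/binary>>, <<Y, RestB/binary>>, Acc) ->
    eq(RestA, RestB, Acc bor (X bxor Y));
eq(<<>>, <<>>, Acc) -> Acc =:= 0.

%% PKCS#7 padding to the 16-byte block size (CBC here does no padding itself).
pad(Bin) ->
    N = 16 - (byte_size(Bin) rem 16),
    <<Bin/binary, (binary:copy(<<N>>, N))/binary>>.

unpad(Bin) ->
    N = binary:last(Bin),
    binary:part(Bin, 0, byte_size(Bin) - N).
```

Sealing the same term twice yields different tokens because the IV differs, and flipping any byte of a token makes `open/3` return `{error, forged}` before any decryption happens.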

Vladimir Dronnikov

Apr 23, 2013, 3:49:24 AM
to Bob Ippolito, erlang-questions@erlang.org Questions
https://github.com/dvv/termit is now fixed, thanks to Bob's invaluable assistance.