Hashing secret

x/beam/client/cli/tx.go

@@ -54,8 +54,14 @@ func CmdOpenBeam() *cobra.Command {
 			// Generate the random id
 			id := types.GenerateSecureToken(10)
 
+			// Encode the secret
+			hashedSecret, err := types.GenerateHashFromString(argsSecret)
+			if err != nil {
+				return err
+			}
+
 			// Construct the message and validate
-			msg := types.NewMsgOpenBeam(id, clientCtx.GetFromAddress().String(), int64(argsAmount), argsSecret)
+			msg := types.NewMsgOpenBeam(id, clientCtx.GetFromAddress().String(), int64(argsAmount), hashedSecret)
 			if err := msg.ValidateBasic(); err != nil {
 				return err
 			}

x/beam/keeper/keeper.go

@@ -272,8 +272,7 @@ func (k Keeper) ClaimBeam(ctx sdk.Context, msg types.MsgClaimBeam) error {
 	beam := k.GetBeam(ctx, msg.Id)
 
 	// Make sure transaction signer is authorized
-	//TODO: find a cryptographic way for this
-	if beam.Secret != msg.Secret {
+	if types.CompareHashAndString(beam.Secret, msg.Secret) == false {
 		return types.ErrBeamNotAuthorized
 	}
 

x/beam/types/utils.go

@@ -2,6 +2,7 @@ package types
 
 import (
 	"encoding/hex"
+	"golang.org/x/crypto/bcrypt"
 	"math/rand"
 )
 
@@ -13,3 +14,19 @@ func GenerateSecureToken(length int) string {
 	}
 	return hex.EncodeToString(b)
 }
+
+// GenerateHashFromString is used to generate a hashed version of the argument passed string
+func GenerateHashFromString(secret string) (string, error) {
+	hashed, err := bcrypt.GenerateFromPassword([]byte(secret), bcrypt.DefaultCost)
+	if err != nil {
+		return "", err
+	}
+
+	return string(hashed), nil
+}
+
+// CompareHashAndString is used to verify that a string matches a provided hash
+func CompareHashAndString(hash string, str string) bool {
+	res := bcrypt.CompareHashAndPassword([]byte(hash), []byte(str))
+	return res == nil
+}