From bb07a586ca7181f6aed6289aa75cd02208068482 Mon Sep 17 00:00:00 2001
From: David Kelly
Date: Thu, 7 Sep 2017 19:24:31 -0700
Subject: [PATCH] warning, plus salting passphrase now
---
 interface/src/commerce/Wallet.cpp | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/interface/src/commerce/Wallet.cpp b/interface/src/commerce/Wallet.cpp
index 6bd010730f..2faa08064d 100644
--- a/interface/src/commerce/Wallet.cpp
+++ b/interface/src/commerce/Wallet.cpp
@@ -55,9 +55,12 @@ QString imageFilePath() {
 // use the cached _passphrase if it exists, otherwise we need to prompt
 int passwordCallback(char* password, int maxPasswordSize, int rwFlag, void* u) {
 // just return a hardcoded pwd for now
- auto passphrase = DependencyManager::get()->getPassphrase();
+ auto wallet = DependencyManager::get();
+ auto passphrase = wallet->getPassphrase();
 if (passphrase && !passphrase->isEmpty()) {
- strcpy(password, passphrase->toLocal8Bit().constData());
+ QString saltedPassphrase(*passphrase);
+ saltedPassphrase.append(wallet->getSalt());
+ strcpy(password, saltedPassphrase.toUtf8().constData());
 return static_cast(passphrase->size());
 } else {
 // this shouldn't happen - so lets log it to tell us we have
@@ -254,7 +257,6 @@ RSA* readPrivateKey(const char* filename) {
 }
 return key;
 }
-static const unsigned char IVEC[16] = "IAmAnIVecYay123";
 void initializeAESKeys(unsigned char* ivec, unsigned char* ckey, const QByteArray& salt) {
 // use the ones in the wallet
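Review bot: The salt appended in this hunk is likely dropped by the caller, because `return static_cast(passphrase->size());` still reports the character count of the unsalted QString instead of the number of bytes written to `password`; a caller that honours the returned length (as the caller of a PEM password callback presumably does) reads only a prefix of the salted string, and a non-ASCII passphrase is cut short as well since its UTF-8 form is longer than `size()`. The new `strcpy` also ignores `maxPasswordSize`, and appending the salt makes the copied string longer than before, so an over-long passphrase can write past the caller's buffer. I would keep the UTF-8 bytes in a `QByteArray`, refuse when they exceed `maxPasswordSize`, copy exactly that many bytes and return that count, as sketched below. The failure value should match what the `else` branch returns, which lies outside this hunk along with the rest of passwordCallback.

```cpp
    if (passphrase && !passphrase->isEmpty()) {
        // … unchanged: build saltedPassphrase from *passphrase and wallet->getSalt() …
        const QByteArray saltedBytes = saltedPassphrase.toUtf8();
        if (saltedBytes.size() > maxPasswordSize) {
            // refuse rather than overrun or silently truncate the caller's buffer;
            // use the same error value as the else branch
            return -1;
        }
        memcpy(password, saltedBytes.constData(), saltedBytes.size());
        // report the bytes actually written so the salt is part of what the caller uses
        return saltedBytes.size();
```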