Bug #3712: passwords with non-ASCII chars will not work if OS is upgraded to 4.4.2/android-20/KitKat - GLSP - Guardian Project Dev (ARCHIVED SITE)

Bug #3712

« Previous | 8 of 11 | Next »

passwords with non-ASCII chars will not work if OS is upgraded to 4.4.2/android-20/KitKat

Added by hans over 3 years ago.

Status:

New

Start date:

09/05/2014

Priority:

Normal

Due date:

Assignee:

% Done:

Category:

Spent time:

Target version:

Component:

Description

Due to a bug in Android's implementation of PBKDF2WithHmacSHA1, which is what CacheWord uses. It was only using the first 8-bits of any unicode character when deriving a key from a password. This was fixed in KitKat, but that means that a password with non-ASCII characters in it will then cause a different key to be generated since it is now using all the bits of the unicode characters.

https://android-developers.blogspot.com/2013/12/changes-to-secretkeyfactory-api-in.html

So if a user installed this app on <4.4.2, set a password with non-ASCII characters, then upgraded to 4.4/KitKat or newer, they will be locked out.

This should be entirely handled in CacheWord, but that has not be done yet.

Related issues

Also available in: Atom PDF

GLSP

Issues

Custom queries

Bug #3712

passwords with non-ASCII chars will not work if OS is upgraded to 4.4.2/android-20/KitKat

	Related to CacheWord - Task #3664: handle PBKDF2WithHmacSHA1 changes in 4.4	New	08/22/2014
	Related to CameraV (InformaCam Project) - Bug #3713: passwords with non-ASCII chars will not work if OS is upg...	New	09/05/2014