Bug #3712

passwords with non-ASCII chars will not work if OS is upgraded to 4.4.2/android-20/KitKat

Added by hans over 3 years ago.

Status:NewStart date:09/05/2014
Priority:NormalDue date:
Assignee:-% Done:


Category:-Spent time:-
Target version:-


Due to a bug in Android's implementation of PBKDF2WithHmacSHA1, which is what CacheWord uses. It was only using the first 8-bits of any unicode character when deriving a key from a password. This was fixed in KitKat, but that means that a password with non-ASCII characters in it will then cause a different key to be generated since it is now using all the bits of the unicode characters.


So if a user installed this app on <4.4.2, set a password with non-ASCII characters, then upgraded to 4.4/KitKat or newer, they will be locked out.

This should be entirely handled in CacheWord, but that has not be done yet.

Related issues

Related to CacheWord - Task #3664: handle PBKDF2WithHmacSHA1 changes in 4.4 New 08/22/2014
Related to CameraV (InformaCam Project) - Bug #3713: passwords with non-ASCII chars will not work if OS is upg... New 09/05/2014

Also available in: Atom PDF