Bug #3713

passwords with non-ASCII chars will not work if OS is upgraded to 4.4.2/android-20/KitKat

Added by hans over 3 years ago.

Status: New
Start date: 09/05/2014
Priority: Normal
Due date:
Assignee: -
% Done: 0%
Category: -
Target version: -
Component:

Description

This is due to a bug in Android's implementation of PBKDF2WithHmacSHA1, which is what CacheWord uses: it was only using the first 8 bits of any Unicode character when deriving a key from a password. This was fixed in KitKat, but that means that a password with non-ASCII characters in it will now cause a different key to be generated, since it is now using all the bits of the Unicode characters.

https://android-developers.blogspot.com/2013/12/changes-to-secretkeyfactory-api-in.html

So if a user installed this app on <4.4.2, set a password with non-ASCII characters, then upgraded to 4.4/KitKat or newer, they will be locked out.

This should be entirely handled in CacheWord, but that has not been done yet.
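The mismatch described above can be reproduced off-device. The following is an added example in Python, not CacheWord or Android code: it models both password encodings and a fallback check that identifies keys derived the old way so they can be re-derived. The salt, iteration count, key length and function names are assumptions made for the illustration.

```python
import hashlib
import hmac

# Constructed parameters for illustration; not CacheWord's real values.
SALT = b"constructed-salt"
ITERATIONS = 1000
KEY_LEN = 32


def legacy_bytes(password: str) -> bytes:
    """Pre-KitKat behaviour: keep only the low 8 bits of each Java char.

    Java chars are UTF-16 code units, so take the low byte of each unit.
    Android 4.4+ keeps this behaviour under "PBKDF2WithHmacSHA1And8bit".
    """
    return password.encode("utf-16-be")[1::2]


def current_bytes(password: str) -> bytes:
    """KitKat and later: every bit of each character is used (UTF-8)."""
    return password.encode("utf-8")


def derive(password_bytes: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha1", password_bytes, SALT, ITERATIONS, KEY_LEN)


def unlock(password: str, stored_key: bytes):
    """Return 'current', 'legacy' or None depending on which derivation matches.

    A 'legacy' result means the password is right but the key was derived
    before the fix; the caller should re-wrap its secrets under the current
    derivation while it still has the password in hand.
    """
    if hmac.compare_digest(derive(current_bytes(password)), stored_key):
        return "current"
    if hmac.compare_digest(derive(legacy_bytes(password)), stored_key):
        return "legacy"
    return None


if __name__ == "__main__":
    pw = "p\u00e4ssword"                      # constructed non-ASCII password
    old_key = derive(legacy_bytes(pw))        # what a pre-KitKat install stored
    print(derive(current_bytes(pw)) == old_key)   # False: user is locked out
    print(unlock(pw, old_key))                    # 'legacy': migrate the key
```

ASCII-only passwords produce identical bytes under both encodings, which is why only non-ASCII passwords are affected.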


Related issues

Related to CacheWord - Task #3664: handle PBKDF2WithHmacSHA1 changes in 4.4 New 08/22/2014
Related to GLSP - Bug #3712: passwords with non-ASCII chars will not work if OS is upg... New 09/05/2014
Related to ChatSecure:Android - Bug #3714: passwords with non-ASCII chars will not work if OS is upg... New 09/05/2014
Related to Secure Reader - Bug #3715: passwords with non-ASCII chars will not work if OS is upg... New 09/05/2014
