Android 4.4 KitKat and the Secret Key Factory

by Jonathan Allen on Dec 24, 2013

With the introduction of Android 4.4, developers are being asked to change the way symmetric keys are generated from passphrases via the SecretKeyFactory. This change affects programs that use the PBKDF2WithHmacSHA1 key generation algorithm if their users are allowed to use Unicode passphrases.

Previously the PBKDF2WithHmacSHA1 algorithm only looked at the lower eight bits of each character in the passphrase. This is in conflict with the September 2000 recommendation by RSA Laboratories known as PKCS #5: Password-Based Cryptography Specification Version 2.0.

Because this is a breaking change, developers can maintain backwards compatibility by continuing to use the old algorithm. This legacy version has been renamed PBKDF2WithHmacSHA1And8bit and can be accessed using this sample code from the Android Developers Blog:

    SecretKeyFactory factory;
    if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.KITKAT) {
        // Use compatibility key factory -- only uses lower 8-bits of passphrase chars
        factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1And8bit");
    } else {
        // Traditional key factory. Will use lower 8-bits of passphrase chars on
        // older Android versions (API level 18 and lower) and all available bits
        // on KitKat and newer (API level 19 and higher).
        factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1");
    }
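
The following is an added example, not code from the article or the Android Developers Blog: a Python model of why the two algorithm names derive different keys for Unicode passphrases, and why the 8-bit variant lets distinct passphrases collide. It assumes the KitKat behaviour encodes the passphrase as UTF-8 and the legacy behaviour keeps the low byte of each Java char; the salt, iteration count, key length and passphrases are constructed sample values.

```python
import hashlib

# Constructed sample parameters, not values from any real application.
SALT = bytes(range(16))
ITERATIONS = 1000
KEY_LEN = 32  # bytes


def legacy_8bit_bytes(passphrase: str) -> bytes:
    """Legacy behaviour: keep only the low 8 bits of each Java char.

    A Java char is a UTF-16 code unit, so take the low byte of each
    big-endian code unit.
    """
    return passphrase.encode("utf-16-be")[1::2]


def full_bytes(passphrase: str) -> bytes:
    """Assumed KitKat behaviour: every bit is used, via UTF-8 encoding."""
    return passphrase.encode("utf-8")


def pbkdf2(password: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha1", password, SALT, ITERATIONS, KEY_LEN)


def derive_legacy(passphrase: str) -> bytes:
    return pbkdf2(legacy_8bit_bytes(passphrase))


def derive_full(passphrase: str) -> bytes:
    return pbkdf2(full_bytes(passphrase))


def is_affected(passphrase: str) -> bool:
    """True when the two algorithms disagree, so data encrypted under the
    old key cannot be decrypted with a key from the new algorithm."""
    return derive_legacy(passphrase) != derive_full(passphrase)


if __name__ == "__main__":
    for p in ("correct horse", "пароль", "?0@>;L"):
        print(repr(p), "affected:", is_affected(p),
              "legacy bytes:", legacy_8bit_bytes(p))
```

Under the legacy encoding the Cyrillic passphrase "пароль" reduces to the same bytes as the ASCII string "?0@>;L", so both derive the same key, while the full-width encoding keeps them distinct. ASCII-only passphrases derive the same key either way, which is why only applications that accept Unicode passphrases are affected.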

InfoQ.com and all content copyright © 2006-2014 C4Media Inc.