
Android 4.4 KitKat and the Secret Key Factory

With the introduction of Android 4.4, developers are being asked to change the way symmetric keys are generated from passphrases via the SecretKeyFactory. This change affects programs that use the PBKDF2WithHmacSHA1 key generation algorithm if their users are allowed to use Unicode passphrases.

Previously the PBKDF2WithHmacSHA1 algorithm only looked at the lower eight bits of each character in the passphrase. This is in conflict with the September 2000 recommendation by RSA Laboratories known as PKCS #5: Password-Based Cryptography Specification Version 2.0.

Since this is a breaking change, developers can maintain backwards compatibility by using the old algorithm. This legacy version has been renamed PBKDF2WithHmacSHA1And8bit and can be accessed using this sample code from the Android Developers Blog:

import android.os.Build;
import javax.crypto.SecretKeyFactory;

SecretKeyFactory factory;
if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.KITKAT) {
    // Use compatibility key factory -- only uses lower 8-bits of passphrase chars
    factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1And8bit");
} else {
    // Traditional key factory. Will use lower 8-bits of passphrase chars on
    // older Android versions (API level 18 and lower) and all available bits
    // on KitKat and newer (API level 19 and higher).
    factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1");
}
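
The effect of the change can be reproduced off-device. The following Python model is an added example, not code from the Android Developers Blog or InfoQ. It assumes the KitKat factory encodes the passphrase as UTF-8, uses a constructed salt, iteration count and passphrases, and its helper names are hypothetical.

```python
import hashlib
import hmac

# Constructed sample parameters (not from the article); the iteration count is
# kept low so the demo runs quickly.
SALT = bytes(range(16))
ITERATIONS = 1000
KEY_LEN = 32  # bytes

def low8_bytes(passphrase: str) -> bytes:
    """Legacy encoding: low 8 bits of each Java char (UTF-16 code unit)."""
    return passphrase.encode("utf-16-be")[1::2]

def derive_8bit(passphrase: str) -> bytes:
    """Models PBKDF2WithHmacSHA1And8bit (and the pre-KitKat behaviour)."""
    return hashlib.pbkdf2_hmac("sha1", low8_bytes(passphrase), SALT, ITERATIONS, KEY_LEN)

def derive_full(passphrase: str) -> bytes:
    """Models PBKDF2WithHmacSHA1 on API 19+; UTF-8 encoding is an assumption."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("utf-8"), SALT, ITERATIONS, KEY_LEN)

def factory_for_stored_key(passphrase: str, stored_key: bytes):
    """Name the factory that reproduces stored_key on KitKat, or None."""
    if hmac.compare_digest(derive_full(passphrase), stored_key):
        return "PBKDF2WithHmacSHA1"
    if hmac.compare_digest(derive_8bit(passphrase), stored_key):
        return "PBKDF2WithHmacSHA1And8bit"
    return None

if __name__ == "__main__":
    for pw in ("correct horse", "pässwörd", "Łukasz"):
        changed = derive_8bit(pw) != derive_full(pw)
        print(f"{pw!r}: key changes on KitKat = {changed}")
    # U+0141 'Ł' has low byte 0x41 ('A'): distinct passphrases, one legacy key.
    print("legacy collision:", derive_8bit("Łukasz") == derive_8bit("Aukasz"))
```

ASCII-only passphrases derive the same key either way, which is why only applications that accept Unicode passphrases are affected. Under the 8-bit variant, any character above U+00FF loses its high bits, so distinct passphrases can map to one key.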
