Android 4.4 KitKat and the Secret Key Factory


With the introduction of Android 4.4, developers are being asked to change the way symmetric keys are generated from passphrases via the SecretKeyFactory. This change affects programs that use the PBKDF2WithHmacSHA1 key generation algorithm if their users are allowed to use Unicode passphrases.

Before 4.4, Android's PBKDF2WithHmacSHA1 implementation used only the lower eight bits of each character in the passphrase. This conflicts with the September 2000 recommendation by RSA Laboratories known as PKCS #5: Password-Based Cryptography Specification Version 2.0.

Because this is a breaking change, developers who need to keep deriving the same keys as before can stay on the old algorithm, which has been renamed PBKDF2WithHmacSHA1And8bit. The Android Developers Blog shows how to select it with this sample code.

import android.os.Build;
import javax.crypto.SecretKeyFactory;

SecretKeyFactory factory;
if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.KITKAT) {
    // Use compatibility key factory -- only uses lower 8-bits of passphrase chars
    factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1And8bit");
} else {
    // Traditional key factory. Will use lower 8-bits of passphrase chars on
    // older Android versions (API level 18 and lower) and all available bits
    // on KitKat and newer (API level 19 and higher).
    factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1");
}
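To see why the two factories disagree on Unicode passphrases, the following added example (not code from the article or from Android) reproduces both encodings with hashlib.pbkdf2_hmac standing in for SecretKeyFactory. It assumes the legacy factory keeps the low byte of each UTF-16 char and the KitKat factory encodes the passphrase as UTF-8 per PKCS #5; the salt and iteration count are constructed sample values, and detect_scheme is a hypothetical migration helper.

```python
import hashlib
import hmac
from typing import Optional

SALT = bytes.fromhex("0102030405060708")  # constructed sample salt
ITERATIONS = 10_000
KEY_LEN = 32


def legacy_8bit_bytes(passphrase: str) -> bytes:
    """Low 8 bits of every UTF-16 code unit (PBKDF2WithHmacSHA1And8bit behaviour)."""
    return passphrase.encode("utf-16-be")[1::2]


def pkcs5_bytes(passphrase: str) -> bytes:
    """PKCS #5 v2.0 encoding, UTF-8 (PBKDF2WithHmacSHA1 on API level 19 and higher)."""
    return passphrase.encode("utf-8")


def derive_key(passphrase: str, legacy: bool, salt: bytes = SALT,
               iterations: int = ITERATIONS, key_len: int = KEY_LEN) -> bytes:
    pw = legacy_8bit_bytes(passphrase) if legacy else pkcs5_bytes(passphrase)
    return hashlib.pbkdf2_hmac("sha1", pw, salt, iterations, key_len)


def detect_scheme(passphrase: str, stored_key: bytes, salt: bytes = SALT,
                  iterations: int = ITERATIONS) -> Optional[str]:
    """Hypothetical migration check: which factory produced stored_key?
    Try the PKCS #5 derivation first, then the legacy one, so keys created on
    API level 18 and lower can be recognised and re-derived with the new scheme."""
    for name, legacy in (("pkcs5", False), ("legacy8bit", True)):
        candidate = derive_key(passphrase, legacy, salt, iterations, len(stored_key))
        if hmac.compare_digest(candidate, stored_key):
            return name
    return None


if __name__ == "__main__":
    for pw in ("passw0rd", "p\u00e4ssw\u00f6rd", "\u5bc6\u7801"):
        same = derive_key(pw, False) == derive_key(pw, True)
        print(f"{pw!r}: legacy={legacy_8bit_bytes(pw).hex()} "
              f"utf8={pkcs5_bytes(pw).hex()} keys match={same}")
    # Truncation is lossy: U+00C6 and U+5BC6 share the low byte 0xC6,
    # so two different passphrases yield the same legacy key.
    print("legacy collision:", derive_key("\u00c6", True) == derive_key("\u5bc6", True))
```

ASCII-only passphrases derive identical keys under both factories; anything outside the low byte range diverges, and under the legacy factory distinct passphrases can collide.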
