Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / frameworks / base / f01e90789eb27bc538df13374b6e67991c0ea829
commitf01e90789eb27bc538df13374b6e67991c0ea829[log] [tgz]
authorRubin Xu <rubinxu@google.com>Fri Mar 30 20:59:28 2018 +0100
committerRubin Xu <rubinxu@google.com>Sat Apr 21 09:46:23 2018 +0100
treedd80cb4b98b2dbfa23c9f3ac021685728d753620
parentd7cea28bbc43e80dd7da44b275ffe53f127af0bf [diff]
Make password history hashing more secure

Instead of hashing the password directly which makes it possible to bruteforce
the password offline, hash the password together with the synthetic password.
This means without knowledge of the synthetic password, the hash itself is
useless.

As a consequence of this change, saving and checking historical password would
now also require the current device password to be provided. Checking password
history also takes more time due to the need to unwrap synthetic password, at
around 100-200ms.

Bug: 32826058
Test: manual
Change-Id: Icb65171b8c8b703d8f0aa3a8cb2bf7ad96c1332d
4 files changed
tree: dd80cb4b98b2dbfa23c9f3ac021685728d753620
  1. apct-tests/
  2. api/
  3. cmds/
  4. config/
  5. core/
  6. data/
  7. docs/
  8. drm/
  9. graphics/
  10. keystore/
  11. libs/
  12. location/
  13. lowpan/
  14. media/
  15. native/
  16. nfc-extras/
  17. obex/
  18. opengl/
  19. packages/
  20. proto/
  21. rs/
  22. samples/
  23. sax/
  24. services/
  25. telecomm/
  26. telephony/
  27. test-base/
  28. test-legacy/
  29. test-mock/
  30. test-runner/
  31. tests/
  32. tools/
  33. vr/
  34. wifi/
  35. Android.bp
  36. Android.mk
  37. CleanSpec.mk
  38. MODULE_LICENSE_APACHE2
  39. NOTICE
  40. pathmap.mk
  41. PREUPLOAD.cfg