Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Skip to content
Commit 34c47c85 authored by Nick Kralevich's avatar Nick Kralevich
Browse files

Don't rely on the system locale for converting to/from bytes.

By default, when java converts Strings to bytes, it uses the
default system locale.  This can be specified by the -Dfile.encoding
option.  If no file encoding is specified, java uses ISO8859_1.

Unfortunately, not all unicode characters can be mapped to
ISO8859_1.  Unmappable characters may be replaced by a byte
within ISO8859_1, which may change the meaning of the String.
This is especially problematic for password strings, and has
been used to compromise the security of passwords in the
past.

Thankfully, Android uses UTF-8 by default, so this bug doesn't
effect Android devices.  However, it's recommended to explicitly
list the character set when converting to/from bytes to
avoid the potential ambiguity.

Change-Id: Iec927e27ed3fc103696c439f6bd3e8779a37ade8
parent 15b32879
Loading
Loading
Loading
Loading
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment