Fix excessive scrypt time on lightweight devices

The LSKF stretching is not supposed to be user-noticeable. But
sometimes it actually is, especially on watch form factor devices.

We *could* just remove the LSKF stretching entirely, as it's not where
the real security comes from in the vast majority of cases. However, by
instead tuning it to be 4x faster, we get 75% of the time back (i.e.
most of it) while still leaving the brute-forcing much slower than not
having scrypt at all. So, let's do that for now.

This change applies to new LSKFs only. Existing LSKFs are unaffected
and continue to use the old scrypt parameters that are stored on-disk.

Bug: 416772194
Flag: android.security.scrypt_parameter_change
Test: atest FrameworksServicesTests:com.android.server.locksettings
Test: Added logging before and after stretchLskf, and verified that this
change made stretchLskf about 4x faster for new LSKFs.
Test: Verified that device with LSKF already set can still be unlocked
after taking this change.
Change-Id: I0c14edfafa5bce0d67b5705e0576cb11c653f9d7
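
The stored-parameter behaviour described in the commit message, as an added example (not code from this change or from Android): each record keeps the scrypt parameters it was created with, so lowering the default by 4x affects only new enrollments while old records still verify. The parameter values, `LskfRecord`, `enroll`, `verify`, `relative_cost` and the SHA-256 verifier are assumptions made for illustration.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass

# Constructed parameter sets (log2 N, log2 r, log2 p); not Android's real values.
OLD_PARAMS = (12, 3, 0)
NEW_PARAMS = (10, 3, 0)  # N cut by 4x, r and p unchanged


@dataclass(frozen=True)
class LskfRecord:
    """What is persisted per credential: the parameters used, salt, verifier."""
    log_n: int
    log_r: int
    log_p: int
    salt: bytes
    verifier: bytes


def stretch(lskf: bytes, log_n: int, log_r: int, log_p: int, salt: bytes) -> bytes:
    return hashlib.scrypt(lskf, salt=salt, n=1 << log_n, r=1 << log_r,
                          p=1 << log_p, dklen=32)


def enroll(lskf: bytes, params=NEW_PARAMS) -> LskfRecord:
    """New credentials pick up the current default parameters."""
    salt = os.urandom(16)
    key = stretch(lskf, *params, salt)
    # SHA-256 of the key stands in for whatever consumes the stretched LSKF.
    return LskfRecord(*params, salt, hashlib.sha256(key).digest())


def verify(lskf: bytes, rec: LskfRecord) -> bool:
    """Always stretch with the parameters stored in the record, never the default."""
    key = stretch(lskf, rec.log_n, rec.log_r, rec.log_p, rec.salt)
    return hmac.compare_digest(hashlib.sha256(key).digest(), rec.verifier)


def relative_cost(rec: LskfRecord) -> int:
    """scrypt work grows with N * r * p, for the device and for an attacker alike."""
    return 1 << (rec.log_n + rec.log_r + rec.log_p)


if __name__ == "__main__":
    old, new = enroll(b"1234", OLD_PARAMS), enroll(b"1234")  # constructed PIN
    print(verify(b"1234", old), verify(b"1234", new))
    print(relative_cost(old) // relative_cost(new))
```

Because the cost ratio applies equally to an offline guesser, the same factor of 4 is what each brute-force attempt gets cheaper by for credentials enrolled under the new parameters.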