Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 686e213f authored by Eric Biggers's avatar Eric Biggers
Browse files

Stop recognizing legacy password hashes 

LockSettingsService supports maintaining a password history, to support
DevicePolicyManager#setPasswordHistoryLength().  The original
implementation of this feature used an insecure password hash function
which effectively leaked passwords to DE storage.  This was fixed in
Android 9 (b/32826058), but the ability to recognize the insecure legacy
password hashes was retained to make any password reuse requirement be
enforced continuously as devices were upgraded.

However, because Android 9 was so long ago, it's no longer useful to
still recognize these legacy hashes.  Even if, hypothetically, a device
were to be upgraded all the way from a version *before* Android 9 to the
current version, dropping support for the legacy hashes would just mean
that passwords used before Android 9 could be reused.

We shouldn't keep around known-insecure code, since it could be
accidentally misused in the future.

Thus, let's begin the process of removing this code. Stop recognizing
legacy hashes in the password history.

Bug: 442877927
Flag: android.security.stop_recognizing_legacy_password_hashes
Test: atest FrameworksServicesTests:com.android.server.locksettings
Change-Id: I260b1f05ef6779d4df4f88ad686c34dc394faf58
parent e3c0540a

core/java/android/security/flags.aconfig

+7 −0
Original line number Diff line number Diff line
@@ -66,6 +66,13 @@ flag { 
    bug: "395976735"

}



flag {

    name: "stop_recognizing_legacy_password_hashes"

    namespace: "security"

    description: "Make LockSettingsService stop recognizing legacy password hashes"

    bug: "442877927"

}



flag {

    name: "frp_enforcement"

    is_exported: true

core/java/com/android/internal/widget/LockPatternUtils.java

+8 −2
Original line number Diff line number Diff line
@@ -602,10 +602,16 @@ public class LockPatternUtils { 
        String[] history = passwordHistory.split(PASSWORD_HISTORY_DELIMITER);

        // Password History may be too long...

        for (int i = 0; i < Math.min(passwordHistoryLength, history.length); i++) {

            if (android.security.Flags.stopRecognizingLegacyPasswordHashes()) {

                if (history[i].equals(passwordHash)) {

                    return true;

                }

            } else {

                if (history[i].equals(legacyHash) || history[i].equals(passwordHash)) {

                    return true;

                }

            }

        }

        return false;

    }