Obsolete
Comments
no...@gmail.com <no...@gmail.com> #2
Also see "Lock Pattern/Pattern uses Immutable Strings (LockPatternUtils.java)," https://code.google.com/p/android/issues/detail?id=37220; "Lock Pattern uses Unsalted SHA Hash (LockPatternUtils.java)," https://code.google.com/p/android/issues/detail?id=37218; "Lock Pattern/Password uses MD5 Hash (LockPatternUtils.java)," https://code.google.com/p/android/issues/detail?id=37213.
Description
In addition, each password in the password history appears to use the same salt. The practice creates a number of similar single-instance problems, rather than a multi-instance problem. "Multi-Instance Security and its Application to Password-Based Cryptography,"
private String getSalt() {
    long salt = getLong(LOCK_PASSWORD_SALT_KEY, 0);
    if (salt == 0) {
        try {
            // Generated once per device and then reused for every password hash afterwards
            salt = SecureRandom.getInstance("SHA1PRNG").nextLong();
            setLong(LOCK_PASSWORD_SALT_KEY, salt);
            Log.v(TAG, "Initialized lock password salt");
        } catch (NoSuchAlgorithmException e) {
            // Throw an exception rather than storing a password we'll never be able to recover
            throw new IllegalStateException("Couldn't get SecureRandom number", e);
        }
    }
    return Long.toHexString(salt);
}
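The following is an added illustration, not code from the Android tree: it contrasts a password history hashed with the single device-wide salt that getSalt() returns against one that stores a fresh salt beside each entry. The hash construction (salted SHA-256) and the sample passwords are assumptions chosen for the demonstration; they do not reproduce LockPatternUtils' actual hashing.

```python
import hashlib
import secrets

# Stand-in for the lock-screen hash; the real LockPatternUtils construction differs.
def hash_entry(password: str, salt: bytes) -> str:
    return hashlib.sha256(salt + password.encode()).hexdigest()

def history_shared_salt(passwords, salt: bytes):
    """Reported behaviour: one salt reused for every history entry."""
    return [(salt, hash_entry(p, salt)) for p in passwords]

def history_per_entry_salt(passwords):
    """Hardened variant: a fresh random salt stored alongside each entry."""
    out = []
    for p in passwords:
        salt = secrets.token_bytes(16)
        out.append((salt, hash_entry(p, salt)))
    return out

def leaks_reuse(history) -> bool:
    """True when two entries share a digest: with a shared salt, a password the
    user cycled back to is visible in the stored history without any cracking."""
    digests = [h for _, h in history]
    return len(digests) != len(set(digests))

def hash_work(history, n_candidates: int) -> int:
    """Offline cost to test n_candidates against every entry: one hash per
    candidate per distinct salt. A shared salt makes all entries one instance."""
    return n_candidates * len({s for s, _ in history})

def reused_in_history(candidate: str, history) -> bool:
    """The history's legitimate purpose, rejecting a previously used password,
    still works with per-entry salts because each salt is stored beside its hash."""
    return any(hash_entry(candidate, s) == h for s, h in history)

# Constructed sample: the user returns to an earlier password.
SAMPLE_HISTORY = ["hunter2", "correct horse", "hunter2"]

if __name__ == "__main__":
    shared = history_shared_salt(SAMPLE_HISTORY, b"\x00" * 8)
    per_entry = history_per_entry_salt(SAMPLE_HISTORY)
    print("reuse visible, shared salt:", leaks_reuse(shared))        # True
    print("reuse visible, per-entry salt:", leaks_reuse(per_entry))  # False
    print("hash work for 1000 guesses:", hash_work(shared, 1000), "vs", hash_work(per_entry, 1000))
```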