WAI
Status Update
No update yet.
Comments
no...@gmail.com
Also see "Password/Pattern Serialization use 8 byte salts
(LockPatternUtils.java),"https://code.google.com/p/android/issues/detail?id=37219 ; "Lock Pattern uses Unsalted SHA Hash (LockPatternUtils.java),"
https://code.google.com/p/android/issues/detail?id=37218 ; "Lock Pattern/Password uses MD5 Hash (LockPatternUtils.java)," https://code.google.com/p/android/issues/detail?id=37213 .
(LockPatternUtils.java),"
en...@google.com
no...@gmail.com
Marco Gargenta has a great presentation called "Android Security Underpinnings from Android Builders Summit" (http://www.youtube.com/watch?v=NS46492qyJ8 ). Marco's encryption example prompts for a password and uses a byte[] that is zeroized. The code shown near the end of the presentation, which is about 1:40:00 into the video.
nn...@google.com
So, the TL;DR is basically don't worry about this.
Historically, it was considered a best practice to ensure credential information was wiped from memory. This advise was given because it was assumed that most processes were running on single-user systems, where one process had the ability to inspect memory of other processes.
However, that assumption is no longer true on modern operating systems. In Android, each process runs in it's own security sandbox, and one process cannot inspect the memory associated with other processes. Because of process isolation, there's no security advantage in attempting to wipe memory. Any attack which involves one process being able to read the memory of another process has already so significantly compromised the system that memory leaks are the least of your concerns. Attempting to sanitize memory provides no security benefit and introduces significant complexity.
Historically, it was considered a best practice to ensure credential information was wiped from memory. This advise was given because it was assumed that most processes were running on single-user systems, where one process had the ability to inspect memory of other processes.
However, that assumption is no longer true on modern operating systems. In Android, each process runs in it's own security sandbox, and one process cannot inspect the memory associated with other processes. Because of process isolation, there's no security advantage in attempting to wipe memory. Any attack which involves one process being able to read the memory of another process has already so significantly compromised the system that memory leaks are the least of your concerns. Attempting to sanitize memory provides no security benefit and introduces significant complexity.
Description
Strings are immutable, and connot be wiped or zeroized. Using Strings violates best practices for handling of secrets ("Using Password-Based Encryption,"
771. public byte[] passwordToHash(String password) {
772. if (password == null) {
773. return null;
774. }
775. String algo = null;
776. byte[] hashed = null;
777. try {
778. byte[] saltedPassword = (password + getSalt()).getBytes();
779. byte[] sha1 = MessageDigest.getInstance(algo = "SHA-1").digest(saltedPassword);
780. byte[] md5 = MessageDigest.getInstance(algo = "MD5").digest(saltedPassword);
781. hashed = (toHex(sha1) + toHex(md5)).getBytes();
782. } catch (NoSuchAlgorithmException e) {
783. Log.w(TAG, "Failed to encode string because of missing algorithm: " + algo);
784. }
785. return hashed;
786. }