Gitiles
Code Review Sign In
android-review.linaro.org / platform / system / vold / e87440703663f5ee326326f6438f3b00ea315623
commite87440703663f5ee326326f6438f3b00ea315623[log] [tgz]
authorKen Sumrall <ksumrall@android.com>Tue Jan 18 22:01:55 2011 -0800
committerKen Sumrall <ksumrall@android.com>Tue Jan 18 22:01:55 2011 -0800
tree19a888075b69a69ece6b1c4ce43904ac36ba9733
parent0cc166385a7e1d3026bbcb62f094e419f779e872 [diff]
Create and use a salt when calling pbkdf2 to encrypt/decrypt the master key.

In order to prevent rainbow table attacks on decrypting the master key,
create a 16 byte "salt" by reading /dev/urandom.  This is done right after
reading urandom to get the master key for the filesystem.  The salt is
stored 32 bytes after the end of the key (a padding added to help prevent
accidental overwriting of the salt) and the salt is fixed at 16 bytes long.

This change will make existing encrypted filesystems unusable.

Change-Id: I420549d064c61d38aea78eef4d86c88acb265ca3
2 files changed
tree: 19a888075b69a69ece6b1c4ce43904ac36ba9733
  1. tests/
  2. Android.mk
  3. Asec.h
  4. CleanSpec.mk
  5. CommandListener.cpp
  6. CommandListener.h
  7. cryptfs.c
  8. cryptfs.h
  9. Devmapper.cpp
  10. Devmapper.h
  11. DirectVolume.cpp
  12. DirectVolume.h
  13. Fat.cpp
  14. Fat.h
  15. hash.h
  16. logwrapper.c
  17. Loop.cpp
  18. Loop.h
  19. main.cpp
  20. NetlinkHandler.cpp
  21. NetlinkHandler.h
  22. NetlinkManager.cpp
  23. NetlinkManager.h
  24. Process.cpp
  25. Process.h
  26. ResponseCode.cpp
  27. ResponseCode.h
  28. vdc.c
  29. VoldCommand.cpp
  30. VoldCommand.h
  31. Volume.cpp
  32. Volume.h
  33. VolumeManager.cpp
  34. VolumeManager.h
  35. Xwarp.cpp
  36. Xwarp.h