Hi,
I would like to propose a new Master Key Derivation technique that can be derived on the fly to better secure Secrets for Android's master key. A master password would need to be strong (coupled with a good KDF like bcrypt) but that means users have to put in effort to memorize a strong password. The proposed technique below allows utilization of weak passwords to make them strong with the assumption of using a cryptographic keystore supplied by Android OS or by a hardware Secure Element.
Assuming that the keystore does not allow the plaintext keys to be retrieved, Secrets for Android could afford the use of weak passwords as master secrets.
To derive the Master Key (MK), the keystore Secret Key (SK) would have to be XOR'ed with a stretched user-defined Password (P) in the form of: MK = SK ^ PBKDF(P). The MK should always be derived on the fly and never stored in any form. It is assumed that the MK is erased after use by filling its bytes to zero (zeroizing).
With this advanced scheme, the loss of the device or the use of weak passwords without the device would not affect the security of the secrets. Offline brute force of the weak passwords would not yield the MK as the MK requires the use of a device-dependent SK.
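
The derivation described in the post, MK = SK ^ PBKDF(P), as an added example that is not part of the original issue or the project's code. It assumes PBKDF2-HMAC-SHA256 as the PBKDF and models SK as 32 bytes the app can read, which a keystore that never releases key material would not allow; the iteration count, the `mk_tag` verifier and the word list are constructed for the demonstration.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 50_000  # constructed value; the post names no KDF parameters


def stretch(password: str, salt: bytes) -> bytes:
    """PBKDF(P): stretch the password to 32 bytes (PBKDF2-HMAC-SHA256 assumed)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def derive_mk(sk: bytes, password: str, salt: bytes) -> bytearray:
    """MK = SK ^ PBKDF(P), returned as a mutable buffer so it can be zeroized."""
    stretched = stretch(password, salt)
    return bytearray(a ^ b for a, b in zip(sk, stretched))


def zeroize(buf: bytearray) -> None:
    """Overwrite the key bytes in place after use."""
    for i in range(len(buf)):
        buf[i] = 0


def mk_tag(mk: bytearray) -> bytes:
    """Hypothetical verifier kept beside the ciphertext to recognise the right MK."""
    return hmac.new(mk, b"mk-check", hashlib.sha256).digest()


def offline_guess(candidates, sk_guess: bytes, salt: bytes, tag: bytes):
    """Dictionary attack over passwords for one SK value; returns the hit or None."""
    for pw in candidates:
        mk = derive_mk(sk_guess, pw, salt)
        hit = hmac.compare_digest(mk_tag(mk), tag)
        zeroize(mk)  # MK is never kept longer than the check
        if hit:
            return pw
    return None


# Constructed sample data: SK modelled as 32 random bytes held by the app.
SK = secrets.token_bytes(32)
SALT = secrets.token_bytes(16)
WORDLIST = ["123456", "password", "letmein", "qwerty"]
_mk = derive_mk(SK, "letmein", SALT)
TAG = mk_tag(_mk)
zeroize(_mk)
```

With the right SK the weak password falls to the word list at once, and with any other SK no candidate verifies, so the strength of the scheme rests on SK never leaving the device.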