On Friday, October 5, 2012 11:14:18 PM UTC+2, Jeffrey Walton wrote:
>
> On Thu, Oct 4, 2012 at 2:23 PM, Jakob Bohm <[email protected]> wrote:
> > In the official guide at
> > http://developer.android.com/tools/publishing/app-signing.html it is
> > strongly recommended that developers use self-signed certificates valid
> > until the year 2034, but using cryptographic algorithms that are not even
> > secure for use in the year 2012, specifically that page strongly recommends
> > (almost insists) that signing should be done with a combination of MD5
> > (completely broken!), SHA-1 (mostly broken, deprecated) and 2048 bit RSA
> > (the minimum key length for use in 2012, way too weak for 2033).
> >
> > This raises two obvious questions:
> >
> > 1. Why hasn't that page been updated to reflect the "current" state of the
> > art?
> >
> > 2. What are the maximum key and algorithm strengths supported by the apk
> > verification code in different Android versions (For instance an apk that is
> > supposed to be compatible with Android 2.1 devices is limited to whatever
> > strength Android 2.1 can verify, but another apk that has a minimum system
> > requirement of Android 3.0 anyway is only limited by whatever Android 3.0
> > and later can verify)?
> There's a bug report for that: "Keytool and Default Keysize for 
> Signing Apps," https://code.google.com/p/android/issues/detail?id=35327. 
>
>  
That is a surprisingly recent bug report for such an obvious security 
problem.
 

> A while back I tested a 3072 modulus on an HTC EVO 4G running Android 
> 4.0 or 4.1 (all OK). I did not test on older versions. 
>
>
>
I have read rumors of a few people using 8192 bit modulus for signing some
apps, but I really would like to know the limitations of various "upstream"
Android versions, so I can set my key length according to the lowest Android
release supported for other reasons.  (It would be sad to write tons of code
designed to work on for example all post 2.1.3 versions, and then accidentally
sign it with a key that can only be accepted by 2.3.4 or later, and it would be
equally sad to use a weak key needed only for compatibility with Android 1.6
if the code won't run on 1.6 anyway).

We do of course have a "zoo" of old phones for testing, but without
documentation (or at least a pointer to the relevant files in GIT), it is hard
to tell if something works on all phones of that generation or only on the
specific model/configuration/firmware in the zoo.
