Possible database corruption on save in v1.18 #130
Comments
|
Thanks for the quick response.
|
Yes, unfortunately the nightmare scenario is on... The new express-unlock feature messes up the saving. So far, up to 1% of users could have installed 1.18 as part of the phased rollout. I have stopped the rollout and posted a warning on Twitter and Reddit. The issue is caused by using old encryption keys with new randomized seeds. Restoring a corrupted database is possible by planting old (last working) random seeds to the new database, with a hex editor. A less involved solution is to restore a backup file, but with loss of some latest changes. Sorry about this. The fix is underway. |
Better news: it will be possible to restore corrupted databases directly in the app. This will involve the last good in-app backup file, so make sure your backup files are stored long enough (KeePassium settings → Database Backup → Keep Backup Files for → at least 7 days). The fix has been implemented, but I'd like to test it really thoroughly this time. (The problem affects all DB formats and all 1.18 users, but it does not show up in premium/beta/test versions. That's why I did not notice it initially.) |
Uploading the update right now. Hopefully, the expedited App Store review is fast. |
I believe I have this exact issue. The sad part is that I exported the last DB and Key combination and reinstalled the 1.18 App version because I had issues with password autofill. So now I have no previous KeePassium based DB backup. I only have a one month old offline backup DB. Is there a manual way to restore the current DB using the one month old DB? I really don't want to lose one month's data. |
@PanzerSajt, ouch. Sorry about that. I'm afraid, restoring the database requires the header of the most recent good database (the one after which things went wrong). Or at least the saved encryption key in the keychain. Reinstalling KeePassium erased both of these. If you happen to store your database in a cloud, maybe it has a history of recent file versions. Or if you have the iCloud backup enabled, you can try to extract KeePassium's backups from there. |
Unfortunately there was no automatic cloud backup or iCloud backup. So it means I am stuck with the old DB. |
I will, but it does not look too promising so far. Here's some technical detail. The encryption key is a function of the composite master key (database password mixed with the key file, if any) and some random sequences stored in the DB header. The function is called the key derivation function (KDF).
When you open a database, KeePassium uses the composite master key and the data from the DB header to calculate the encryption key. To speed up future decryption, the app stores both the composite master key and the derived encryption key. (This can be turned off by the "Remember master keys" option.) Before saving a modified database, the random sequences are re-randomized, the app derives the new encryption key, and uses it to encrypt the database. The new random sequences are also saved in the DB header. Due to my error, v1.18 does randomize and write the random sequences, but still uses the old (saved) encryption key to encrypt the database. As a result, the next time any app tries to decrypt the database, the derived key is based on the new random sequences and thus produces a different encryption key. At the moment, I see only two possibilities to access a damaged database:
I don't see how to make this work with an older database, but maybe I am missing something... |
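The failure mode described in the comment above, as an added example (not KeePassium's code and not part of the thread). It is a simplified model: PBKDF2 stands in for the KDF, a toy keystream plus an HMAC tag stands in for the database format, and all function names are hypothetical.

```python
import hashlib, hmac, os

def derive_key(composite_key, seed):
    """Stand-in KDF (PBKDF2-HMAC-SHA256); an assumption, not the app's KDF."""
    return hashlib.pbkdf2_hmac("sha256", composite_key, seed, 10_000)

def _keystream_xor(key, data):
    """Toy stream cipher for this model only (SHA-256 in counter mode)."""
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(key + off.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[off:off + 32], pad))
    return bytes(out)

def save(composite_key, plaintext, cached_key=None):
    """Write a file with a fresh seed. Passing cached_key reproduces the bug:
    the new seed goes into the header but the old key encrypts the body."""
    seed = os.urandom(32)
    key = cached_key if cached_key is not None else derive_key(composite_key, seed)
    body = _keystream_xor(key, plaintext)
    tag = hmac.new(key, body, hashlib.sha256).digest()
    return {"seed": seed, "tag": tag, "body": body}

def open_db(composite_key, db):
    """Derive the key from the header seed, as any reader has to."""
    key = derive_key(composite_key, db["seed"])
    expected = hmac.new(key, db["body"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, db["tag"]):
        raise ValueError("HMAC mismatch")
    return _keystream_xor(key, db["body"])

def demo():
    composite = hashlib.sha256(b"constructed master password").digest()
    good = save(composite, b"entries v1")          # last good file
    cached = derive_key(composite, good["seed"])   # key remembered after opening
    broken = save(composite, b"entries v2", cached_key=cached)
    try:
        open_db(composite, broken)
        readable = True
    except ValueError:
        readable = False
    # Recovery described in the thread: plant the last good seed in the new file.
    repaired = dict(broken, seed=good["seed"])
    return readable, open_db(composite, repaired)
```

The model also shows why the seed of the last good file (or the saved key) is the one thing recovery cannot do without: nothing else in the damaged file leads back to the key that encrypted it.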
1.5 hours ago (18:30 CET) Apple confirmed they will proceed with an expedited review. No further updates so far. Status as of 4 October: Steps to restore damaged databases are coming soon. |
Version 1.19 with the fix has been released. Auto-updates are scheduled to start slowly, so please update manually. Steps to restore a damaged database:
After this, the restored database should work normally both in KeePassium and other apps. Historically, all KeePassium updates used to pass through a week of beta testing by volunteers, as a precaution. This time I became too self-confident, decided all the changes were minor and risk-free, and released directly to the App Store (thankfully, as a gradual release). Lesson learned: never skip pre-release beta testing. Again, sorry for the mess. |
Can anybody confirm if the issue still occurs in 1.19, please? |
Hey, I’ve updated the app and tested it. I could successfully edit and reopen the DB. Everything seems fine. Thanks for the quick fix! |
Thank you for checking, @tansly! @PanzerSajt, if you run macOS, check if it has a Time Machine backup of the previous DB version. |
Describe the bug
When I change the database on my iPhone (add some entry etc.), I can no longer access it when I reopen the database (says the password or keyfile is invalid). I transfer the file to my computer (using iCloud Drive, Google Drive etc.) and I can't open it there either (HMAC mismatch).
To Reproduce
Steps to reproduce the behavior:
Expected behavior
I should be able to reopen the database with my password.
Screenshots
I can add if necessary, but I don't think it'll help.
User Information (please complete the following information):
Additional context
I can add if necessary but I can't think of anything else right now.