Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Online key backup breaks after changing password? #9434

Open
ara4n opened this Issue Apr 12, 2019 · 11 comments

Comments

Projects
None yet
6 participants
@ara4n
Copy link
Member

commented Apr 12, 2019

I changed my password; after refreshing, the app claimed to be doing online key backup but empirically none of my history was visible.

This is going to break things massively for people after being told to reset passwords after security incident.....

@shirishag75

This comment was marked as off-topic.

Copy link

commented Apr 12, 2019

same thing here. Unable to do anything. I have no clue what's happening. I had asked to reset email but nothing came on my email inbox. Checked my spam too :(

Failed to send email: Not Found (Status 404) . Does this mean everything is down the drain ?

@turt2live turt2live added this to In Progress in Workflow via automation Apr 12, 2019

@turt2live turt2live moved this from In Progress to Raging Inferno 🔥🔥🔥 in Workflow Apr 12, 2019

@lampholder

This comment has been minimized.

Copy link
Member

commented Apr 12, 2019

Perhaps related to #9425

I've just run some tests with a new test account, so far I have been able to:

  • create encrypted rooms
  • create a backup
  • log out
  • log in
  • change password
  • restore from backup
  • create new encrypted rooms
  • log out
  • log in
  • restore backup
  • log out
  • log in
  • change password
  • restore backup

Which I think demonstrates that both reading from and writing to the backup is succeeding for small key sets on matrix.org.

@lampholder

This comment has been minimized.

Copy link
Member

commented Apr 12, 2019

I'll try the password-reset-by-email flow to see if that makes any difference.

@shirishag75 are you able to provide a more detailed description of what you attempted and what failure modes you experienced?

@lampholder

This comment has been minimized.

Copy link
Member

commented Apr 12, 2019

From Matthew:

what i roughly did last night was:

login and enable keybackup (existing backup) on new desktop account
login and enable keybackup on iOS
change password on web
see that everything is undecryptable on web, but the dialog says it's participating in key backup with a valid sig from mobile but an invalid sig from desktop
log out of web and log in again, enter passphrase; everything worked.
@shirishag75

This comment was marked as off-topic.

Copy link

commented Apr 12, 2019

I'll try the password-reset-by-email flow to see if that makes any difference.

@shirishag75 are you able to provide a more detailed description of what you attempted and what failure modes you experienced?

What I had done was try to change the password and was supposed to get an e-mail, perhaps a token link which would enable the change password to be done properly but that hasn't happened. I haven't received an e-mail or token from *@riot.im . I just got a Failed to send email: Not Found (Status 404) . which is quite cryptic. Does it mean for some reason it hasn't found my e-mail address or some other thing. The other possibility is that the push button to e-mail process didn't work.

There is one another issue which is that the repo.

deb https://riot.im/packages/debian/ stretch main doesn't work atm. But that probably is another issue altogether as well as http://matrix.org/packages/debian/ buster debian all of them are 404.

@lampholder

This comment was marked as off-topic.

Copy link
Member

commented Apr 12, 2019

Okay, that doesn't sound related to the key backup issue - I'd guess it's related to the recent outage we've had of some of the components of matrix.org. We could definitely have more enlightening error messages, though.

@shirishag75

This comment was marked as off-topic.

Copy link

commented Apr 12, 2019

@lampholder I am clueless as to the way forward. My previous password I had changed about 10 hours back but didn't get an email. Should I try changing the password again or do what so I have a token and can carry on the work. I know that previous E2E rooms and conversations I probably have lost access to but at least public rooms if I'm able to access would be something.

@akontsevich

This comment was marked as off-topic.

Copy link

commented Apr 12, 2019

For future: please add possibility (not default - only if user selects correspondent option in settings for certain PC/device - at least for on home for example) to store rooms encryption keys locally in settings unencrypted (or encrypted by account password) to prevent loosing message history in future. I think it is helpful to do at least for desktop version.

For now adding new room - mean new encryption key - need to resave/backup keys again, right?

@jryans

This comment has been minimized.

Copy link
Member

commented Apr 17, 2019

@shirishag75 @akontsevich Thanks for the feedback, and I am sorry you are having trouble with Riot. It sounds like your issues are not related to key backup specifically, so please file new issues so we can track them separately.

@akontsevich

This comment has been minimized.

Copy link

commented Apr 17, 2019

@jryans, thanks, created #9514.

@lampholder lampholder added p2 and removed critical 🔥 Fire 🔥 labels Apr 23, 2019

@lampholder

This comment has been minimized.

Copy link
Member

commented Apr 23, 2019

Deprioritising this some because we've had no other reports of it - if people do experience this please add to this issue/upvote

@jryans jryans removed this from Raging Inferno 🔥🔥🔥 in Workflow Apr 24, 2019

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.