[Users] passwords deleted after downgrade ?

Andrej Kacian andrej at kacian.sk
Sat May 6 15:01:46 CEST 2017


On Sat, 6 May 2017 13:49:05 +0200
mi <codejodler at gmx.ch> wrote:

> Andrej,
> 
> Congrats ! That worked !! Many thanks !!
> 
> I'd be curious to know why ?

I'm glad you got your passwords back. :)

My clue was you mentioning that the passwords in preference dialogs
were showing as too long. That is usually caused by decrypting with
wrong parameters, so instead of the password, you would get random
gibberish.

What happened is that when you started 3.11.1, salt[1] used to
encrypt/decrypt the passwords was deleted, since that version just
ignores unknown preferences. Salt is stored in clawsrc file.

So when you upgraded again, 3.14.1 had to generate a new random salt,
which of course did not work with passwords encrypted with the previous
one. Restoring both files from backup, instead of just one, caused
correct salt to be used with correct encrypted passwords.

> Now i'm back to square but i started already the complicated auth process with the most important provider, it's not your average one but special security so i need to send some documents and provide history infos. Luckily i got all that in backups, so it should work.
> 
> You knew that another provider, GMX, threw out online password recover for free accounts, and now requires you to phone calla nd they charge 4 Euro per minute, and i bet you'd need a coupls of them ... *sigh*

Liz in another reply already mentioned using a good password manager
with redundant backups of the database file. 0 Euro per minute. :)


1. https://en.wikipedia.org/wiki/Salt_%28cryptography%29

Regards,
-- 
Andrej



More information about the Users mailing list