seeming difference with android app
Hi,
I have been using the app for some time on my android phone on android version 4.4.4 on my Nexus 4. I have just received a new phone (wileyfox storm) which runs a Cyanogen OS - 12.1-YOG4PAS3MG - which is Android 5.1.1 based.
I now find on the new fone passwords are being generated that differ from the version on my old phone and my linux terminal based implementation.
I have checked several times and I dont seem to be typing in anything different. I have tried using my old phone and get the passwords I expected.
Is this a known issue?
Best Regards,
Andy
Comments are currently closed for this discussion. You can start a new one.
Keyboard shortcuts
Generic
? | Show this help |
---|---|
ESC | Blurs the current field |
Comment Form
r | Focus the comment reply box |
---|---|
^ + ↩ | Submit the comment |
You can use Command ⌘
instead of Control ^
on Mac
Support Staff 1 Posted by Maarten Billemo... on 07 Nov, 2015 11:40 PM
Hey Andy. Can you reproduce the problem with a test user and/or a test master password? If so, please specify the test user name, master password, site name and resulting password on various platforms.
2 Posted by andy on 08 Nov, 2015 12:48 PM
Hi Maarten,
I have tested as follows:
User: New Test User
Password: new test user password
Site: google.com
Resulting passwords:
Terminal C Code Version - Linux Mint 14 Maya: Jifn3*NalzSemi
Nexus 4 Android 4.4.4: Jifn3*NalzSemi
Wileyfox Cyanogen OS - 12.1-YOG4PAS3MG -Android 5.1.1: BetqDoqiPeqv4=
I have done it a few times to make sure the results are consistent each
time.
3 Posted by andy on 11 Nov, 2015 09:01 PM
Hi Maarten,
Just to let you know I tried this on a friends Sony Experia with
Android 5.1.1 running and it returns the results I was expecting so it
seems to be specific to the Cyanogen somehow.....
Support Staff 4 Posted by Maarten Billemo... on 12 Nov, 2015 01:18 AM
Hey Andy,
If you have ADB installed, can you try running:
And then trying the above again to see if you can get some details about the key and password generation of the test site's password on the Cyanogen device?
5 Posted by andy on 13 Nov, 2015 09:17 AM
HI Maarten,
I have tried to use ABD to the phone but I am having problems with the
device not being connected. I set up the UDEV etc. I will and start over
during the weekend with luck.
6 Posted by oli_0x72 on 20 Nov, 2015 09:42 AM
Hi Maarten, hi Andy,
as I encountered the same Issue with my new LG G4 I built the app from source and did some debugging. Compared to an emulator (from android-sdk) everything was exactly the same (masterpassword, masterKeySalt, etc) but the generated masterKeys were different. Obviously the scrypt call returns unequal values for equal parameters.
Spontaneously I suppose either the different Android version (5.0 vs 5.1) or the different architecture (x86 vs arm_x64) to cause the bug in scrypt.
Greetings
Oliver
7 Posted by andy on 20 Nov, 2015 11:30 AM
Thanks for this Oliver, I have not had time to try this further... I'm
clearly not doing something right to get my phone to connect to ADB.
8 Posted by oli_0x72 on 20 Nov, 2015 01:21 PM
Did another test with an Android 5.1 emulator and it works as expected. Unfortunately I did not get the 64bit emulator to work... Therefor I saved the logs this time
Support Staff 9 Posted by Maarten Billemo... on 10 Dec, 2015 01:45 PM
It appears your LG is triggering a bug in the scrypt library.
I'm not sure when I'll have time to debug wg's libscrypt, though. For your reference, it is here: https://github.com/wg/scrypt
10 Posted by oli_0x72 on 11 Dec, 2015 08:09 PM
I had a few minutes today and had a closer look at wg's libscrypt. As you probably know it distinguishes three different loaders (sys, jar and nil).
Sysloader which is used by default leads to mentioned behavior.
JarLoader throws an Exception and
NilLoader with its Java implementation returns the expected key though it takes almost a minute to derive the key.
In case you my need a helping hand investigating this issue feel free to contact me and I'll see what I can do
11 Posted by oli_0x72 on 12 Dec, 2015 11:26 PM
just another short notice: removing the arm64-v8a libscrypt.so leads to the app calculating the right passwords - so bug might be in that library
12 Posted by Mazinger Péter on 22 Dec, 2015 02:33 PM
I have the same issue on a Sony Xperia Z5 Compact, Android 5.1.1 (current official release)
The web/desktop versions deliver the same result, android not.
Note: the Username I tested with contains a "special" character 'é'
13 Posted by Dirk on 02 Jan, 2016 05:30 PM
... same problem here - web and jar versions create the same passwords while android (5.0.2) does not. TEST (user=test, masterpassword=test, site=test) should generate: CefoTiciJuba7@
regards
Dirk
14 Posted by Dirk on 02 Jan, 2016 07:31 PM
Hi all,
I just tested folloing app on Android: https://play.google.com/store/apps/details?id=de.devland.masterpassword
This generated same passwords than web and Java Versions on my PC!
regards
Dirk
15 Posted by Andy Wilson on 02 Jan, 2016 08:49 PM
Having seen this I too have experimented with this app implementation and the results are consistent with the PC and java versions I have installed.
16 Posted by oli_0x72 on 03 Jan, 2016 11:59 PM
Had a look at this app and its source some time ago - it's using its own custom libscrypt.so and therefore doesn't have this issue.
17 Posted by Jinwoo Lee on 16 Feb, 2016 04:54 AM
Seeing this issue on my new Nexus 5x. On my previous phone (Moto X), everything worked fine, but now on my Nexus 5x, all the passwords are different from what I see on my Mac.
18 Posted by oli_0x72 on 19 Feb, 2016 01:08 PM
Hey Jinwoo,
your Nexus 5x has the same 64bit CPU as the LG G4 I own. As I pointed out earlier there's a bug in the 64bit Library Maarten ships with his app. So you have to wait until he will release a new version with a fixed library or get yourself another app.
regards Oliver
Support Staff 19 Posted by Maarten Billemo... on 20 Feb, 2016 11:22 PM
I've been working on a work-around in the mean time. I'll let you know when something becomes available.
Support Staff 20 Posted by Maarten Billemo... on 21 Feb, 2016 04:22 PM
Can people here give this version a try and report back?
https://ssl.masterpasswordapp.com/masterpassword-android-2.4-java.apk
On the bottom, there is a new button "Integrity Tests". From this screen, we run the standard Master Password test suite. If you get unexpected passwords, these tests should fail.
If so, see if disabling "Use native key derivation" helps. The toggle is on the bottom of the tests screen. Note: It will likely make key derivation extremely slow. Key derivation is only needed when the user's name or master password changes (or the app restarts).
21 Posted by Jinwoo Lee on 22 Feb, 2016 07:25 PM
I tested using the apk you linked above. When the "Use native key derivation" checkbox checked, the test immediately fails, saying "Incompatible device or OS". With the checkbox unchecked, the progress is extremely slow indeed but it eventually seemed to have passed. When I came back to the screen after ~2 hours, the test window has gone. I don't know why. But I verified all the tests were passing until it had been running for ~30 minutes.
22 Posted by oli_0x72 on 23 Feb, 2016 04:46 PM
I can verify Jinwoos experience - it was exactly the same: with native fail; without extremely slow (test took about 70 min) but all tests were successful. Additionally I removed the arm64-v8a libscrypt to provoke the usage of the armeabi-v7a library and with it the native key derivation test were successful too (about 60s)
23 Posted by ThisGuy on 09 Aug, 2016 06:14 PM
I started using your tool today and ran into a problem.
Win8 64bit and Android 6 give me the same passwords,
Win10 64bit on the other hand, does not.
I'll get back to you soon with test data and java versions.
24 Posted by Eugen on 12 Oct, 2016 07:40 PM
Hello,
I ran into this problem with my new phone as well.
Was this issue resolved? Is it possible to get an older version of MasterPasswordApp and try it with that one?
Thanks in advance.
Maarten Billemont closed this discussion on 06 May, 2017 12:59 PM.