passwords different version 2.4-java and version 2.7.1 on different android
Hi Maarten,
Thanks for this tool and your other contributions e.g. BASH IRC; big respect!
Oon change of phone and change of version I am getting different passwords out. This is pretty scary as I use MasterPassword for everything everywhere (I'm a believer)
Original install on Motorola Moto G 4G; version 2.4-java (with the reassuring 'Integrity Tests' feature); sourced some years back.
Running android 5.1
New install on Pixel 3a; version 2.7.1; sourced today from http://www.masterpasswordapp.com/
Running Android 9
Neither phone will allow me to take a screenshot to confirm this; I guess this is a MasterPassword restriction?
Checking manually that the entries are the same on motorola, pixel...
john,john
doe,doe
checkit,checkit
Type Long, Type long
Counter 1,Counter 1
Algorithm V0,Algorithm V0
Lanc8.KukkWaqa,Lanu8_GukeWamq
Look forward to hearing how to deal with this. I've been proselytising about how great this app is for years.
Best regards
M
Comments are currently closed for this discussion. You can start a new one.
Keyboard shortcuts
Generic
? | Show this help |
---|---|
ESC | Blurs the current field |
Comment Form
r | Focus the comment reply box |
---|---|
^ + ↩ | Submit the comment |
You can use Command ⌘
instead of Control ^
on Mac
Support Staff 1 Posted by Maarten Billemo... on 16 Jul, 2019 09:02 PM
You're saying the
Lanu8_GukeWamq
result is obtained on the Pixel 3a (Android 9) running version 2.7.1?2 Posted by mat goulden on 17 Jul, 2019 07:59 AM
yes, that's correct
3 Posted by Bruno on 24 Aug, 2019 02:59 PM
Any updates about this situation ?
If it's a proven fact it has lost all his accounts :-0
Support Staff 4 Posted by Maarten Billemo... on 11 Sep, 2019 01:08 AM
https://gitlab.com/MasterPassword/MasterPassword/issues/302
Maarten Billemont closed this discussion on 11 Sep, 2019 01:08 AM.
Maarten Billemont re-opened this discussion on 21 Sep, 2019 03:31 AM
Support Staff 5 Posted by Maarten Billemo... on 21 Sep, 2019 03:31 AM
It's important to note that though this distinction is troubling, it only exists on algorithm versions < 3. If all apps are updated to use the current version of the algorithm, they should all agree on the generated password. In this case, the output password for V3 is:
Darv8^CukeZaxf
, on all devices.I will conduct a full analysis of the problem in #302, but for now, my advice is, always ensure you are on the latest algorithm version.
V0 has a bug in it that causes the algorithm's result to be platform/architecture dependent (more specifically, it performed math on bytes whose numerical value's signedness depends on the platform, thereby resulting on some platforms treating the byte as a positive integer and other platforms treating it as a full integer, yielding different numerical values).
Support Staff 6 Posted by Maarten Billemo... on 27 Sep, 2019 03:17 AM
The investigation into this issue was concluded at #302, please see there for the conclusion.
Maarten Billemont closed this discussion on 27 Sep, 2019 03:17 AM.