passwords different version 2.4-java and version 2.7.1 on different android

mat goulden's Avatar

mat goulden

16 Jul, 2019 08:00 PM

Hi Maarten,

Thanks for this tool and your other contributions e.g. BASH IRC; big respect!

Oon change of phone and change of version I am getting different passwords out. This is pretty scary as I use MasterPassword for everything everywhere (I'm a believer)

Original install on Motorola Moto G 4G; version 2.4-java (with the reassuring 'Integrity Tests' feature); sourced some years back.
Running android 5.1
New install on Pixel 3a; version 2.7.1; sourced today from http://www.masterpasswordapp.com/
Running Android 9

Neither phone will allow me to take a screenshot to confirm this; I guess this is a MasterPassword restriction?

Checking manually that the entries are the same on motorola, pixel...
john,john
doe,doe
checkit,checkit
Type Long, Type long
Counter 1,Counter 1
Algorithm V0,Algorithm V0
Lanc8.KukkWaqa,Lanu8_GukeWamq

Look forward to hearing how to deal with this. I've been proselytising about how great this app is for years.
Best regards
M

  1. Support Staff 1 Posted by Maarten Billemo... on 16 Jul, 2019 09:02 PM

    Maarten Billemont's Avatar

    You're saying the Lanu8_GukeWamq result is obtained on the Pixel 3a (Android 9) running version 2.7.1?

  2. 2 Posted by mat goulden on 17 Jul, 2019 07:59 AM

    mat goulden's Avatar

    yes, that's correct

  3. 3 Posted by Bruno on 24 Aug, 2019 02:59 PM

    Bruno's Avatar

    Any updates about this situation ?
    If it's a proven fact it has lost all his accounts :-0

  4. Support Staff 4 Posted by Maarten Billemo... on 11 Sep, 2019 01:08 AM

    Maarten Billemont's Avatar
  5. Maarten Billemont closed this discussion on 11 Sep, 2019 01:08 AM.

  6. Maarten Billemont re-opened this discussion on 21 Sep, 2019 03:31 AM

  7. Support Staff 5 Posted by Maarten Billemo... on 21 Sep, 2019 03:31 AM

    Maarten Billemont's Avatar

    It's important to note that though this distinction is troubling, it only exists on algorithm versions < 3. If all apps are updated to use the current version of the algorithm, they should all agree on the generated password. In this case, the output password for V3 is: Darv8^CukeZaxf, on all devices.

    I will conduct a full analysis of the problem in #302, but for now, my advice is, always ensure you are on the latest algorithm version.

    V0 has a bug in it that causes the algorithm's result to be platform/architecture dependent (more specifically, it performed math on bytes whose numerical value's signedness depends on the platform, thereby resulting on some platforms treating the byte as a positive integer and other platforms treating it as a full integer, yielding different numerical values).

  8. Support Staff 6 Posted by Maarten Billemo... on 27 Sep, 2019 03:17 AM

    Maarten Billemont's Avatar

    The investigation into this issue was concluded at #302, please see there for the conclusion.

  9. Maarten Billemont closed this discussion on 27 Sep, 2019 03:17 AM.

Comments are currently closed for this discussion. You can start a new one.

Keyboard shortcuts

Generic

? Show this help
ESC Blurs the current field

Comment Form

r Focus the comment reply box
^ + ↩ Submit the comment

You can use Command ⌘ instead of Control ^ on Mac

Recent Discussions

15 Oct, 2019 12:51 PM
14 Oct, 2019 08:48 AM
09 Oct, 2019 02:41 PM
06 Oct, 2019 01:38 PM
04 Oct, 2019 04:48 PM