invalid/wrong password

Help
mathminded
2006-02-21
2012-11-19
1 2 > >> (Page 1 of 2)
  • mathminded
    mathminded
    2006-02-21

    I'm currently using v. 1.03 and was very pleased with how it was going. I recently went to access a database, however, and it gave me the Invalid/wrong password error (0x00000004). I know with *100% certainty* that I'm using the correct password and that it is not a problem with forgetting what case the letters were or anything like that. I read in another post about the repair database option, so I tried that. It gave me the Invalid/corrupted file structure error (0x0000000A). I tried reparing a database I knew worked, using an invalid password, and it gave me the same error. So, I may be getting the second error just because it thinks I'm using the wrong password. What can I do? Have I lost all that I input? If so, thank god I printed off a backup of the crazy passwords I had created! :-)

    If it makes any difference, my password for the database is 24 characters long. I wouldn't think that would matter, but just in case...

     
    • Paul
      Paul
      2006-02-21

      It could be file corruption or you have used the wrong password. If the repair option does not work you need to go back to your last backup, there is no backdoor to your data.

      cheers, Paul

       
    • mathminded
      mathminded
      2006-02-22

      That really sucks. I know it's not a wrong password, which is what I meant by "with *100% certainty*," so it must be corrupt. Seeing as I've never had another file go corrupt on my computer, I'm assuming it must be a software problem. Very disappointing. I was really hopeful for this program. Oh well, what can you expect from a free program, right?! :-)

      Thanks for the reply, Paul.

      Mathminded

       
      • Ryan Morgan
        Ryan Morgan
        2006-02-22

        I don't know what you "expect" from free software, but this software (and support directly from the author) has been much better than commercial software I've bought in the past.  I've been using KeePass for a couple years now, on 3 or 4 machines, copying and syncing database files back and forth, and I've never had a "corrupt" file.

        Forgotten password, corrupt filesystem, who knows, but with thousands of happy KeePass users, I'd certainly bet the problem is on your end.

        Can anyone say, "user error"?

         
    • Paul
      Paul
      2006-02-23

      My digital input devices never fail, that's why I backup.

      cheers, Paul

       
    • loremari
      loremari
      2006-02-23

      In Windows, if you have a crash or a power failure while the disk is writing to a file, that file is lost (corrupted). This is true also for NTFS, and even if the hardware is faultless.

       
    • I have installed keepass on my MDA compact II and every time I start it it won't recognize my password and tlls me its creating a new empty database. From there I can then open my database and it does recognise my password any ideas? Also I have installed keepass on  my pc but the two do not see each other when I auto sync. They work independantly. Any ideas how to get them to sync?
      Pete

       
    • Paul
      Paul
      2006-02-26

      KeePass does not sync.
      Make all changes on your PC and then copy the DB to your MDA.

      cheers, Paul

       
    • I have the same problems as mathminded. I have entered all passwords yesterday in a database, and when I tried to open this database again this morning, the same error appeared. Tried to repair but this did not succeed. I am working with v1.04. Hope somebody have any idea how this happens. I am sure I am using the correct password.

       
    • Paul
      Paul
      2006-02-27

      Try entering the password with the Caps Lock on?

      cheers, Paul

       
    • Hi, I'm having the exact same problem.
      I entered the password at least a dozen times yesterday. I transferred all my password in KeePass (fortunately I still have the old db).
      Today KeePass won't open the db. I am *sure* I am using the right password. To be on the safe side I also tried some common mistakes (caps-lock on/off, num-lock on/off, etc).
      Note also that the PC has always been switched on since yesterday.. nothing really has changed.
      I'd hate to have to re-enter all my passwords, and then discover KeePass won't accept my master password once again.

      It would be nice to be able to use a master password *OR* a key-disk so that one can use the disk when his master password doesn't work. This would also help in discovering if KeePass is doing something wrong with the master password.

      Thankyou
      Bye

       
    • Hi, forgot to say that I'm using 1.04.

       
    • Paul
      Paul
      2006-03-03

      KeePass does not get the password wrong, but you or your machine may not have typed the password you expected.
      I set the password to visible when creating a new master password.

      cheers, Paul

       
    • Paul, thankyou for your reply. The point is that the day I entered my password db in KeePass I entered the password at least a dozen of time. Sometimes it was only to unlock the password db, other times I shut down KeePass and then reopened it and entered the password... you see, if I had typed something unexpected I wouldn't have been able to reopen the db afterwards.
      I have the KeePass db on a shared server. The password is known to me and two other persons. I had created and populated the db on one day. The day after I told the password to my colleagues, installed KeePass on their workstation, then tried to access the db from one of my colleagues' ws.
      It failed. After a few tries, I got back to my ws and discovered it failed there also. I haven't been able to access it since. :-(
      Now I'm testing another db (with the same password on the same server), but I do not want to waste a whole day populating it just to discover that tomorrow it will not work anymore.

       
    • Paul
      Paul
      2006-03-07

      Maybe you/someone accidentally saved the file and changed the password?

      Why don't you use a keyfile, then send the keyfile to the users who need to open the database?

      cheers, Paul

       
    • Not to be a downer, but I had the same problem w/1.04.  I was using it for about a week when I had the problem.  My best guess is that someone accidentally changed the password, since I noticed that once you unlock your db, you can change the password without knowing the old password.

       
    • Paul, that's a nice idea (I'm talking about sharing the keyfile). My main problem with the approach is that you can't steal a password from someone's mind, while you can steal a keyfile. But using the correct permissions on the file I can make it a lot harder, at least. Also I could generate a new keyfile periodically.
      Thankyou!
      Bye

       
    • Paul: Re:

      1) KeePass does not get the password wrong, but you or your machine may not have typed the password you expected. 

      Sorry, but it most definitely does get the password wrong. I NEVER type passwords in like that directly. I always use cut and paste just to be sure. I have been using password protected systems of all types for a quarter century. A good indication of my experience with these things is that I only entered a single entry into the database and then tested. I did not lose any data, but it is VERY disturbing that a program like this is so fragile.

      2) I set the password to visible when creating a new master password.

      So did I. It read exactly the same as the notepad that I pasted it from.

      ---

      I am also a programmer for many, many years. There is no doubt in my mind that there is a 'mis-feature' in this system.

      I will take a quick look at the sources and see if there are coding practices that might lead to bugs.

       
    • Paul
      Paul
      2006-03-07

      Sorry, I can't work out which anonymous poster you are, so excuse me if you have already answered this.

      1. You entered a single password in the database. Did you modify/save the database during testing?
      2. Is the DB on a USB key or other removable device?
      3. Did you take a copy of the DB after you entered the data?
      4. How did you find the password didn't work?

      cheers, Paul

       
    • This is an off the wall suggestion, but could this be a situation where a CPU bug is exhibiting itself?  This would explain why certain people seem to have a problem with the software, and certain people do not.  It would also predict that looking at the source code will not help.  I'll get this started by saying that I have a Pentium M Dothan 738.

       
    • loremari
      loremari
      2006-03-08

      Just a suggestion, Keepass has a known bug: it doesn't handle correctly Windows shutdown and might fail to save recent changes (see tracker at http://sourceforge.net/tracker/index.php?func=detail&aid=1282520&group_id=95013&atid=609908\).
      Could these bugs be realted to the above one? Maybe Keepass tries to save the db but fails, leaving the file in a corrupted state.

       
    • Re: Sorry, I can't work out which anonymous poster you are, so excuse me if you have already answered this.

      This is 'RST' -- I will try to sign from now on. Sorry about that. I just made the single post to which you responded (thanks).

      BTW -- KeePass is a nice program. I have coded something similar in the past and its sins were greater than this. Don't take the criticism too seriously.

      1. You entered a single password in the database. Did you modify/save the database during testing?

      Not sure what you mean by the above. I fired up the program and used one of my standard PASSPHRASES (31 characters) when prompted. It is all vanilla ASCII letters, numbers and spaces. Except for the length, it is not unusual.

      I did make the single entry of a user ID and password. -- YIKES -- I went to open it again (I created a new database and it was working) and I have the same problem. Mercifully, I still just made the one entry.

      2. Is the DB on a USB key or other removable device?

      The DB is on a USB key, but the key has not been removed since before KeePass was even installed. They key works fine otherwise.

      3. Did you take a copy of the DB after you entered the data?

      Nope. An attempt to 'repair' the database says it is corrupt, but I don't have a copy to compare against.

      4. How did you find the password didn't work?

      When the program is started, it asks for a password that has something to do with its own startup or something. That is one password and it works ok. Note that this password is only 8 characters long, all alpha.

      When I go to open the particular database file where the passwords are stored, that is when it goes south. I am quite positive both about the password and about the fact that the database DID work after exiting KeePass and starting again. It seems to have done itself in from the last time I exited.

      ----

      As promised, I did examine the code. I actually created a debug build and ran it through the debugger (just to see how the password is tested). It appears to do the test ok. I would suggest that when you create the hash (or whatever) that you 'thumbnail' the hash itself and give the thumbnail to the user. That way, they will know for sure that they are using the same password and that indeed the database now thinks it has a different one. That would at least remove any doubt that this is happening.

      ----

      I do not know if this is out of scope, but I did notice from a quick scan of the source some coding practices that are prone to error. I will put those in a following note so this one is not too long.

      ----

      A final note here: It is not likely, but it is possible that everyone has been making a mistake due to confusion as to how the system should operate. If that is the case, then you need to examine the interface and the terminology it uses. You also need to examine whether or not the program is 'persisting state' appropriately. It should be nigh impossible for a file like that to become corrupt. According to the utility on the system the file is corrupt. However, I note that it also asks for a password and of course if it has stored the password incorrectly and is dependent on that to assess whether the database is corrupt, the measure will always be unable to differentiate between an invalid password and a corrupt file.

      Signed: RST

       
    • Coding practices to avoid

      Missing braces on (we really, really thought it was) single line 'if()' statements. These invariably lead to a second line being added as if it would be within the if block, which of course it is not. I have seen 5 programmers hold up a team of 40 programmers on a 60 million-dollar project for two days chasing a single bug as a result of this practice. I glanced at the code and pointed out the ‘no-no’ and it turned out to be the bug. Use the force.

      Unconditional jumps:
          break (outside of switch)
          goto
          continue

      Structured programming seems to have fallen out of fashion. It is still as valid as ever. The above statements should be avoided unless used to create a structured construct. After more than 20 years of C programming, I can only think of the break keyword being used within switch statements as being a sensible use of any of the above. There is, BTW, no utility in optimizing code that does not work. The above are usually defended because they simplify or speed up code. They break code more often than they add value. Eventually, as code ages and other programmers work on it, these practices invariably cause bugs. Not some of them, all of them.

      ASSERT appears to be 'assert'. If so, its presence in many places is a warning sign. It is not really a poor practice in itself, but its presence usually indicates fragile code. When it is present in these quantities, it is a bad sign. Why the uncertainty? When the program is stopped with an assert statement, you lose state information that could be used to help detect the source of the error.

      The use of the 'const' keyword is GOOD practice. One should be aware that it is not always possible for that to be enforced. That is, something you thought was immutable may very well turn out to be something that changes. Use this, but don’t depend upon it.

      Compiler warning errors should never be ignored. This is especially true in C/C++. A release build at warning level 4 gives 145 warnings. Note that most are from the architecture (VC98\INCLUDE), however, that is not to say that they are not a source of problems.

      Here is one of the warnings that come from the KeePass code:

      X:\KeePassSource\PwSafe.cpp(436) : warning C4310: cast truncates constant value

      typedef char TCHAR, *PTCHAR;

      TCHAR CPwSafeApp::GetPasswordCharacter()
      {
          if((IsMBThreadACP() == TRUE) || (g_bForceSimpleAsterisks == TRUE))
              return _T('*');
          return (TCHAR)0xB7;
      }

      Here is a quick look at what happens when you treat an unsigned char value (0xB7 = 183) > 127:

      X:\tmp>cat hellwrld.c
      #include <stdio.h>

      typedef char TCHAR, *PTCHAR;

      int main( int argc, char **argv )
      {
          printf( "signed char 0xB7='%d'\n", (TCHAR)0xB7 );

          return( 0 );
      }

      X:\tmp>cl /nologo /WX hellwrld.c
      hellwrld.c

      X:\tmp>hellwrld
      signed char 0xB7='-73'

      I am not suggesting that this problem is the source of the error (though it might be). I am suggesting that the fact that this mistake in the code exists and was not corrected means that the code was not examined thoroughly. Whatever your intention or the effect of this particular thing, you have tried to stuff a value into a type that can’t contain the value. The compiler tells you to look at it and you should. If it is the intention to return an eight-bit signed integer having the value minus 73 then that is what you should return. That will silence the compiler and (one hopes) bring clarity to the code.

      BTW – it is not clear to me what is intended by that function. If you know, off the top of your head, can you say?

      Again, don’t get too ruffled about the comments here. Many have done far worse. I am really more concerned that a nice piece of work not go into the ashcan.

      In another note, I will give some suggestions to harden the design against file corruption and to help find and squash the bug(s) (if any) in the wild.

      [RST]

       
    • Bill Rubin
      Bill Rubin
      2006-03-08

      I do not want to discourage RST's discussion of coding practices, but I do think it's off topic, not only for this thread, but for this forum.  Could you repost to a new thread in the Discussion forum?

      Bill Rubin

       
    • Re: Off Topic. I wrote the coding practices thing as a slightly 'generic' piece since I am writing broadly about programming elsewhere. However, in this instance, all of the coding practices in question exist in the code in question. They may at least give a hint as to the spot where an error exists.

      This is a discussion called 'invalid/wrong password'. The function in the coding discussion was not invented by me, it is in the source code of the program with the password problem. The name of the function is:

      GetPasswordCharacter

      I would suggest that we at least allow a principal involved with creating this program to look at the post before it is whisked away to parts unknown. If this is a bug, it is a serious 'showstopper' bug. It has happened three times to me and I have only put two entries into the database.

       
1 2 > >> (Page 1 of 2)