Database not portable with Yubikey encryption
I cannot create a database with Password Safe v0.93 on Linux (Ubuntu) and read it with Password Safe v3.33 on Windows or vice versa. When opening the database in the operating system it was created with, it states that the database format is 3.13 in both cases. When opening the database in the operating system it was not created with, the software claims that the password is wrong or the database is corrupt. The Yubikey was set to the HMAC-SHA1 challenge-response mode on slot 2 with the Yubikey Personalization Tool by Yubico. When creating the database with the same password but without the Yubikey, the database is portable.
Thanks for reporting this. I've an idea what the problem is, started work on it.
I've a fix for this that I'd like you to test. What version of Ubuntu are you running, and on what architecture (32 or 64 bit)?
That was quick! I have Ubuntu 14.04 LTS on a 64-bit x86 architecture (I installed passwordsafe-ubuntu-0.93BETA.amd64.deb).
OK, here's how this works:
The attached version of PasswordSafe will, by default, read and write databases that work with the Windows version of PasswordSafe + YubiKey.
If you've a database that's created with a previous Linux build, then when opening the database, you have to press the SHIFT key while clicking on the Yubikey button on the dialog screen (not the button on the device itself!).
To "fix" a database that was created with a previous Linux build such that it will open normally on both Linux and Windows versions of PasswordSafe: (a) Open it as described in the previous step, and then (b) Change the master passphrase (Manage->Change Safe Combination) as follows: After entering the old passphrase, press SHIFT while clicking on the upper Yubikey button, then DO NOT press shift while pressing on the lower Yubikey button that sets the new passphrase. (c) Save the database.
You should now be able to open it on Windows, and on Linux without pressing SHIFT.
Let me know how it goes.
Rony
Works like a charm. I opened my old database on Linux and reset the master passphrase. Now I can open the database on Windows with 3.33 and Linux with 0.93.2 (without pressing shift). Please comment on how the security of the two-factor authentication was affected. I would also be interested in having a look at the patch.