Menu

#1201 Database not portable with Yubikey encryption

v1.0_(example)
closed
Rony Shapiro
Yubikey (6)
1
2015-09-23
2014-07-15
Tobias Preclik
No

I cannot create a database with password safe v0.93 on linux (Ubuntu) and read it with password safe v3.33 on Windows or vice versa. When opening the database in the operating system it was created with, it states that the database format is 3.13 in both cases. When opening the database in the operating system it was not created with, the software claims that the password is wrong or the database is corrupt. The Yubikey was set to the HMAC-SHA1 challenge-response mode on slot 2 with the Yubikey Personalization Tool by Yubico. When creating the database with the same password but without the Yubikey the database is portable.

Discussion

  • Rony Shapiro

    Rony Shapiro - 2014-07-15
    • labels: --> Yubikey
    • status: open --> accepted
    • assigned_to: Rony Shapiro
     

  • Rony Shapiro

    Rony Shapiro - 2014-07-15

    Thanks for reporting this. I've an idea what the problem is, started work on it.

     

  • Rony Shapiro

    Rony Shapiro - 2014-07-16

    I've a fix for this that I'd like you to test. What version of Ubuntu are you running, and on what architecture (32 or 64 bit)?

     

  • Tobias Preclik

    Tobias Preclik - 2014-07-16

    That was quick! I have Ubuntu 14.04 LTS on a 64-bit x86 architecture (I installed passwordsafe-ubuntu-0.93BETA.amd64.deb).

     

  • Rony Shapiro

    Rony Shapiro - 2014-07-17

    OK, here's how this works:

    1. The attached version of PasswordSafe will, by default, read and write databases that work with the Windows version of PasswordSafe + YubiKey.

    2. If you've a database that's created with a previous Linux build, then when opening the database, you have to press the SHIFT key while clicking on the Yubikey button on the dialog screen (not the button on the device itself!).

    3. To "fix" a database that was created with a previous Linux build such that it will open normally on both Linux and Windows versions of PasswordSafe: (a) Open it as described in the previous step, and then (b) Change the master passphrase (Manage->Change Safe Combination) as follows: After entering the old passphrase, press SHIFT while clicking on the upper Yubikey button, then DO NOT press shift while pressing on the lower Yubikey button that sets the new passphrase. (c) Save the database.
      You should now be able to open it on Windows, and on Linux without pressing SHIFT.

    Let me know how it goes.

    Rony

     
    passwordsafe-ubuntu-0.93.2BETA.amd64.deb
    passwordsafe-ubuntu-0.93.2BETA.amd64.deb.sig

  • Tobias Preclik

    Tobias Preclik - 2014-07-17

    Works like a charm. I opened my old database on Linux and reset the master passphrase. Now I can open the database on Windows with 3.33 and Linux with 0.93.2 (without pressing shift). Please comment on how the security of the two factor authentication was affected. I would also be interest in having a look at the patch.

     

  • Rony Shapiro

    Rony Shapiro - 2015-09-23
    • status: accepted --> closed
     

Log in to post a comment.