#814 PS 3.19 Unable to open database

open
nobody
V3 (197)
5
2015-03-31
2009-11-27
DrK
No

Created from Help Forum topic: "PS 3.19 Unable to open after power down forum", although may not have any relation to the 'power event'

Discussion

  • DrK

    DrK - 2009-11-28

    Information sent by 'kathimooney' :

    I am using Windows7 64 bit. I am in Texas, using English version and
    installed from the internet download. I used the real key board to create the
    database. I have not tried a previous version of Password Safe. The data
    base was on a local disk. I created the file, saved it, did not close
    password safe. I shut down the computer, then when I went into
    Password safe the next day, my password did not work.

     
  • Rob Weemhoff

    Rob Weemhoff - 2009-12-12

    I have the same problem, not sure what caused it, but I am willing to share the pwsafe3 and ibak in order to resolve the problem.

     
  • Roberto

    Roberto - 2015-03-30

    Today while opening Password Safe I encountered the Warning "Incorrect passkey, not a PasswordSafe database, or a corrupt database." I'm using Password Safe V3.35.01 on Windows 7 32 bit. It's been installed for only about a month. I checked my "C:\Users\%USERNAME%\Documents\My Safes" folder and found one pwsafe.psafe3 file with Modified Date 20-MAR-15 (the one that was trying to open) and three other .ibak files. All four files have the same Creation Date/Time 9-MAR-15 2:50 PM (see "DBFiles.jpg" in attached ZIP archive). I then tried to open the .ibak files beginning with the one created on 19-MAR-15 and encountered the same error message until trying the third, oldest backup modified 12-MAR-15 at 1:58 PM. This last one opened. I had not changed the password and was certain I was entering it correctly. The fact that the oldest backup does open verifies that the entered password was correct.

    One oddity is that the second *.ibak file, modified 12-MAR-15 2:07 PM (9 minutes after the first backup file) is when the "corruption" appears to have started. I checked both the Application and System Event logs for this timeframe and found nothing suspect (see both in attached ZIP). Included in the attached ZIP are:

    ApplicationEventLog.jpg
    CorruptedDBWarning2.jpg
    DBFiles.jpg
    MyPCspecs.txt (NOTE: my hard drive is an SSD)
    SystemEventLog.jpg

    I've redacted User ID and domain info for security reasons. I also will be unable to render any of the corrupted files for the same reason.

    The inclusion of the "a corrupt database" disclaimer along with "Incorrect passkey" in the login failure message is rather dubious for such a security-sensitive application, and to me indicates a known serious issue. Having researched this issue in this forum and found numerous past occurrences, an attempted fix, and this open bug (#814 PS 3.19), I am compelled to discontinue the use of this application and to warn the rest of my IT organization about this very real risk.

    I hope this report provides new information that will help to resolve this issue.

    Thank you.

     
  • Rony Shapiro

    Rony Shapiro - 2015-03-31

    The inclusion of the "a corrupt database" disclaimer along with "Incorrect passkey" in the login failure message is rather dubious for such a security-sensitive application, and to me indicates a known serious issue.

    Actually, this is exactly backwards. The first thing PasswordSafe does after you enter the passkey is to use it to calculate a value that's stored in the database. If the calculated and stored values don't match, then there's actually no way for PasswordSafe to determine if this is because the wrong passkey was entered, the file is damaged, or is not even a PasswordSafe database. Any mechanism that would enable the program to differentiate between these cases would provide an attacker with more information with which to make the attack more effective.

    Sorry the original file and backup got corrupted, but this does not reflect on the security of the underlying implementation. The fact that you had a backup that you could access shows that the resiliency built into the application ultimately worked.

     

Get latest updates about Open Source Projects, Conferences and News.

Sign up for the SourceForge newsletter:





No, thanks