SpiderOak / Encryptr

Encryptr is a zero-knowledge cloud-based password manager / e-wallet powered by Crypton
GNU General Public License v3.0
1.57k stars 136 forks source link

Not being able to login on any device #295

Open hnykda opened 7 years ago

hnykda commented 7 years ago

Hi,

this is probably connected to https://github.com/SpiderOak/Encryptr/issues/292. I am currently not being able to connect through PC nor any mobile phone. It seems it is affecting my friend's account as well. I have noticed that encryptr has been moved to "legacy" part of the download section of SpiderOak site, but not letting users know before hand (at least on your page or directly in the app) or shutting the servers down when an export feature has not been implemented is crazy. Can you at least enable us to log in?

The PC app (2.0.0) on my Archlinux desktop shows just this: image

and in the console I see:

[30106:0815/095318:ERROR:cert_verify_proc_nss.cc(880)] CERT_PKIXVerifyCert for encryptrservice.crypton.io failed err=-8181

and on my phone (also the very last version) just got stuck on login and nothing happens.

When trying to create a new account, I also get a connection refused error, which indicates a server problem, rather than client's.

naguirre commented 7 years ago

Hi, Same problem here :(

alvarl commented 7 years ago

Looks like the certificate expired: NET::ERR_CERT_DATE_INVALID. So unlikely to be a shutdown, rather negligence.

crisp2017 commented 7 years ago

same problem here... locked out of bank accounts, bitcoin accounts... stupid of us relying on a service that doesn't allow export or backup. Our firm is also relying heavily other spideroak products such as one and enterprise backup. Need a fix now...

ezekiel-lemur commented 7 years ago

I have the same issue on iOS and Linux, we need a fix !

alvarl commented 7 years ago

I've managed to work around it, here are the steps for MacOS / Chrome:

crisp2017 commented 7 years ago

You are a genius sir.... thank you!!

ezekiel-lemur commented 7 years ago

alvarl than you very much, but does anyone know where that file would be on Linux? file:///Applications/Encryptr.app/Contents/Resources/app.nw/index.html ? Thank you

crisp2017 commented 7 years ago

ezekiel, if you can't find the file you can just find a mac in order to copy your passwords, by hand....

mike12345567 commented 7 years ago

@ezekiel-lemur, I managed to get it to work on Linux, I cloned the repo and built the desktop versions, then used the "osx64" build.

I had to change the endpoint it was targeting to encryptrservice.crypton.io which can be found under desktopbuilds/osx64/Encryptr.app/Contents/Resources/app.nw/js/Encryptr.js on line 45 (it is set to encryptrstaging.crypton.io).

Then you can follow alvarl instructions as before, this probably works for Windows as well.

Side note: if you do this you'll need to disable the user-select: none rule in the CSS for the body as the tap to copy events don't work correctly, this way you can select text to copy and paste passwords out.

ezekiel-lemur commented 7 years ago

I am going to borrow a mac asap

ezekiel-lemur commented 7 years ago

What password manager are ye going to migrate to?

mike12345567 commented 7 years ago

I've already paid for and started using LastPass, so far its got a lot of nice features and its only like $24 a year (although I think you can just have a free account if you don't want premium features?).

springjazzy commented 7 years ago

I knew that day would come! Still...

ezekiel-lemur commented 7 years ago

@mike12345567 This will be my solution [https://www.youtube.com/watch?v=3Ppk_squJW0](boring video) but hey, I will use Keepass + Nextcloud + Mini Keepass (iOS)

hnykda commented 7 years ago

I confirm @mike12345567 and @alvarl solutions for Linux and Mac. Here are zipped resources, which should IMHO work on any desktop. Can someone confirm please?

To get the files above I had to (on my Linux):

  1. install npm (use your package manager)
  2. git clone git@github.com:SpiderOak/Encryptr.git (or download the zip and extract it if you don't talk to git)
  3. cd Encryptr
  4. npm install
  5. ln -s node_modules/grunt-cli/bin/grunt
  6. replace line 35 in src/app.js with window.crypton.host = "encryptrservice.crypton.io";
  7. ./build.sh desktop
  8. enable https://encryptrservice.crypton.io/ certificate (advanced -> allow)
  9. open file://desktopbuilds/Encryptr/osx64/Encryptr.app/Contents/Resources/app.nw/index.html (yes, even on linux, use osx64 build)
  10. use your credentials to login

In that zipped file, there are resources from desktopbuilds/Encryptr/osx64/Encryptr.app/Contents/Resources/app.nw

By the way, this version of app shows this when started (added 2 months ago): image

There is an EXPORT feature already :-) .

ezekiel-lemur commented 7 years ago

@hnykda I got this error, am I using the correct repo?

➜` ~ git clone git@github.com:SpiderOak/Encryptr.git Cloning into 'Encryptr'... Warning: Permanently added the RSA host key for IP address '192.30.253.113' to the list of known hosts. Permission denied (publickey). fatal: Could not read from remote repository. Please make sure you have the correct access rights and the repository

mike12345567 commented 7 years ago

@ezekiel-lemur you are trying to clone with SSH there, try using the HTTPS clone instead if you haven't set up SSH keys. git clone https://github.com/SpiderOak/Encryptr.git.

hnykda commented 7 years ago

Exactly. Or just download the zip and extract it (https://github.com/SpiderOak/Encryptr/archive/master.zip). For your purpose, it is enough.

crisp2017 commented 7 years ago

I just downloaded Avast Password, its very sophisticated, also zero knowledge, its all offline but you can synch across devices, and its free.

xgkphdx commented 7 years ago

@mike12345567 @alvarl @hnykda Many thanks for the workaround, it works on Fedora.

springjazzy commented 7 years ago

Works on Windows! Many thanks!

ezekiel-lemur commented 7 years ago

@hnykda @crisp2017 @mike12345567 @alvarl thank you so much you saved my life guys !!! and SpiderOak I am really really disappointed, it is less bad for us as we know what github is but think of people who dont have all their passwords. just a tip before pulling a service off the shelf maybe inform your loyal users.

dodys commented 7 years ago

after a whole morning without access to Encryptr, it seems that now it is working fine. They reissued a new certificate but really disappointing, migrating to other password manager now.

jruffin commented 7 years ago

@hnykda @crisp2017 @mike12345567 @alvarl Many thanks, the workaround went well on Windows and I could back up my passwords.

Encryptr might be working again but that was enough of a warning to me that relying on a purely cloud-based service, as convenient as it can be, is dangerous. I am moving to KeePassXC together with Dropbox storage.

dodys commented 7 years ago

If anyone is interested in knowing if Encryptr is still being developed, I got this reply from the support team.

I'm relieved to report that the problem with Encryptr has been resolved. You should be able to log in to your Encryptr account and use it normally now.

"We first became aware of this problem at 1240 UTC today, and had it corrected by 1430 UTC.

Looking to the future, our next release of Encryptr will add the ability to work offline, so server outages will not affect your ability to log in and access your passwords. It will also add the ability to export your data, should you wish to give another password manager a try. We've actually been working on these two features already. We have a release-it-when-it's-ready policy, so we don't have a release date for it, but it will be as soon as it's ready for general use.

Please accept our apologies for today's difficulty and do let us know if we may be of further assistance.

Thank you for your Patience!

The SpiderOak Team "

exterm commented 7 years ago

Sorry, but for me, after 2 months of the android app being completely broken, this is it. I am moving on to lastpass and have lost a lot of trust in SpiderOak.

ezekiel-lemur commented 7 years ago

You should try KeePass it's very good and open source. You can back it up on Dropbox etc

On 15 Aug 2017, at 17:37, Philip Müller notifications@github.com wrote:

Sorry, but for me, after 2 months of the android app being completely broken, this is it. I am moving on to lastpass and have lost a lot of trust in SpiderOak.

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub, or mute the thread.

ellul-ezra commented 7 years ago

Bitwarden is also open source, multi-platform and features free cloud syncing, import/export etc

ezekiel-lemur commented 7 years ago

Bitwarden seems really cool... +1

On 15 Aug 2017, at 20:59, ellul-ezra notifications@github.com wrote:

Bitwarden is also open source, multi-platform and features free cloud syncing, import/export etc

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub, or mute the thread.

kamal4o4 commented 7 years ago

It's completely working now. There servers are up. till dec-2017. working on ubuntu 16.04. this reply i got from there customer support : selection_004

hnykda commented 7 years ago

Thanks for bitwarden recommendation. I have already migrated. It's quite easy:

  1. Open the last version of Encryptr (build it yourself or use what I have posted previously)
  2. Click on the "export" button in the top right corner, export it to CSV
  3. Create bitwarden account
  4. Change columns in Encryptr export from Label->Name, Username->username, Password->password,Notes->notes (+ add empty columns folder, favorite,totp)
  5. use Tools -> Import -> choose Bitwarden format.
petervnv commented 7 years ago

Hi guys,

I followed the instructions and just did a fresh git clone and compiled Encryptr desktop for Mint. Everything works as expected except that Encryptr now gives me a "wrong password" error when I try logging in even though I'm sure the password is correct (works fine on iOS).

Any idea where I should start looking? I still have my old Encryptr app on Mint.

Cheers, Peter

petervnv commented 7 years ago

OK, I was able to change the host it pointed to and now I can login and see my passwords. The problem is that although I now see my passwords the download/export (?) button is still greyed out and Encryptr keeps showing the "Fetching data" message so I can't actually export my passwords even though I can see them.

Console: Encryptr [8285:0827/171519:ERROR:browser_main_loop.cc(162)] Running without the SUID sandbox! See https://code.google.com/p/chromium/wiki/LinuxSUIDSandboxDevelopment for more information on developing with the sandbox on. ATTENTION: default value of option force_s3tc_enable overridden by environment. [8285:0827/171614:INFO:CONSOLE(10)] ""read"", source: file:///tmp/.org.chromium.Chromium.NEajqr/js/backbone.crypton.js (10) [8285:0827/171615:INFO:CONSOLE(10)] ""read"", source: file:///tmp/.org.chromium.Chromium.NEajqr/js/backbone.crypton.js (10) [8285:0827/171617:INFO:CONSOLE(10)] ""read"", source: file:///tmp/.org.chromium.Chromium.NEajqr/js/backbone.crypton.js (10)

This last message keeps repeating and probably is the cause of the never ending "Fetching data" message.

Any hints?

Cheers, Peter

petervnv commented 7 years ago

Nevermind, it just took a long time to synch and now I can export my passwords!

Thanks!

petervnv commented 7 years ago

@ellul-ezra Thanks for pointing out Bitwarden. It seems to tick all the right boxes except it seems to be too dependent on Microsoft (it uses SQL server instead of MySQL, etc).

Maybe just my old school prejudice, but I have trouble wrapping my head around using any microsoft code for these types of privacy and security apps.

I wonder how easy it would be to replace the MS specific components by more traditional linux ones like Postgresql or MySQL.

ellul-ezra commented 7 years ago

Yes and apparently it uses Azure cloud for hosting :/

ggillies commented 7 years ago

@petervnv how did you work around the issue with it giving you wrong password when using a version compiled from git? You mention you had to change the host? What did you change it to?

petervnv commented 7 years ago

@ggillies

Check out the post above by @mike12345567 , specifically:

Just change the host as described by him.

Cheers

I had to change the endpoint it was targeting to encryptrservice.crypton.io which can be found under desktopbuilds/osx64/Encryptr.app/Contents/Resources/app.nw/js/Encryptr.js on line 45 (it is set to encryptrstaging.crypton.io).