doy / rbw

unofficial bitwarden cli
https://git.tozt.net/rbw

failed to log in to bitwarden instance: unimplemented cipherstring type: 0 #40

Closed rjc closed 3 years ago

rjc commented 3 years ago

Hello,

After configuring my account email:

$ rbw config set email my.email@example.org

and running:

$ rbw login

I get the below error message:

rbw login: failed to log in to bitwarden instance: unimplemented cipherstring type: 0

This is using Bitwarden official cloud server. Web logon obviously works just fine.

What's odd is that, despite logon failing, I get confirmation emails to the contrary:

Subject: New Device Logged In From [...]

I get exactly the same error on OpenBSD with the official port/package (version 0.5.2) as well as on macOS Catalina (10.15.7) after running cargo install rbw (version 1.0.0).

jonathannerat commented 3 years ago

~From looking at other issues here, I think this has to do with how some old passwords in your vault were encrypted with old cipherstring types that are now not available in the new versions of the backend.~

Quoting @doy's comment on #2 to be more accurate:

ah, yeah, i only currently have support for the cryptographic algorithms that the current bitwarden clients use, but it looks like you still have some entries encrypted with an older version.

I solved this by Rotating my encryption key (be sure to read this, since this is a potentially dangerous operation).

Basically you need to:

rjc commented 3 years ago

Bingo! This indeed solved the problem. Thanks @jonathannerat!

Nothing to do with passwords in vault, though, as the first time I tried to log in, the vault was empty. Thinking that vault being empty might be the issue here, I created a single entry - no change. So it isn't about entries being encrypted with an old key - as there were none to begin with - but the old encryption key itself was the culprit here.

Long story short - I created a Bitwarden account a long time ago, but never used it. After the recent announcement made by LastPass, I decided to test Bitwarden properly :^)

doy commented 3 years ago

thanks for digging into this!

rjc commented 3 years ago

@doy BTW, I've checked the other issues mentioning similar (the same?) problems but, given that I (thought I) had started with a clean slate, I dismissed them thinking my issue was new so, given that this re-surfaces at different times, for different users, how about changing the message from:

failed to log in to bitwarden instance: unimplemented cipherstring type: 0

to:

Please rotate your Encryption Key - https://bitwarden.com/help/article/account-encryption-key/

or some such?

doy commented 3 years ago

ah, yeah, that is a good idea - let me see if i can do that
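
An added example (not rbw's actual code, and not written by anyone in this thread) of the error-message change proposed above: a Rust parser for the cipherstring header that turns type 0 into an actionable rotation hint. The type meanings (0 = AES-256-CBC with no MAC, 2 = AES-256-CBC with HMAC-SHA256) follow Bitwarden's client encryption-type enum; the function and enum names are hypothetical, and the example assumes only type 2 is accepted for symmetric data.

```rust
// Added illustration; not rbw's source. Type numbers follow Bitwarden's
// client encryption-type enum (assumption: 0 = no MAC, 2 = HMAC-SHA256).
use std::fmt;

#[derive(Debug, PartialEq)]
pub enum CipherStringError {
    /// Type 0: AES-256-CBC with no MAC, found on keys of very old accounts.
    LegacyUnauthenticated,
    Unsupported(u8),
    Malformed(&'static str),
}

impl fmt::Display for CipherStringError {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        match self {
            Self::LegacyUnauthenticated => write!(f, "account key uses legacy cipherstring type 0; please rotate your encryption key - https://bitwarden.com/help/article/account-encryption-key/"),
            Self::Unsupported(t) => write!(f, "unimplemented cipherstring type: {}", t),
            Self::Malformed(why) => write!(f, "invalid cipherstring: {}", why),
        }
    }
}

/// Splits "<type>.<iv>|<ciphertext>|<mac>" and returns the three base64 fields.
pub fn parse_symmetric(s: &str) -> Result<(&str, &str, &str), CipherStringError> {
    let (ty, body) = s.split_once('.').ok_or(CipherStringError::Malformed("missing type prefix"))?;
    let ty: u8 = ty.parse().map_err(|_| CipherStringError::Malformed("non-numeric type"))?;
    match ty {
        0 => Err(CipherStringError::LegacyUnauthenticated),
        2 => {
            let parts: Vec<&str> = body.split('|').collect();
            match parts.as_slice() {
                [iv, ct, mac] if !iv.is_empty() && !ct.is_empty() && !mac.is_empty() => Ok((*iv, *ct, *mac)),
                _ => Err(CipherStringError::Malformed("expected iv|ciphertext|mac")),
            }
        }
        other => Err(CipherStringError::Unsupported(other)),
    }
}

fn main() {
    // Constructed sample values, not real vault data.
    for s in ["0.aXY=|Y3Q=", "2.aXY=|Y3Q=|bWFj", "2.aXY=|Y3Q="] {
        match parse_symmetric(s) {
            Ok((iv, _, _)) => println!("ok, iv={}", iv),
            Err(e) => println!("error: {}", e),
        }
    }
}
```

Rejecting type 0 rather than decrypting it is also the safer default, since ciphertext without a MAC cannot be checked for tampering before use.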