Open FaFre opened 3 years ago
Oh, after debugging a little bit, setting crashRecovery: false
when opening the box prevents the wipe. Is it guaranteed with setting crashRecovery: false
that noting is written during openBox
, providing a wrong key (also in future versions)?
How is this issue? I think this is a priority one, because it gives the malicious possibility of erasing the contents of protected box simply by trying to open it without an encryption key or with a wrong one.
Is this still persistent?
Yes. If we have an encrypted box and try to open it without encryption key or with a wrong one, the message flutter: Recovering corrupted box.
appears on the debug console and the box entries disappear.
This bug is still alive. Just run into same issue running Flutter v3.3.1 (Linux) with Hive v2.2.3. Opening a box with crashRecovery: false
and catching the HiveError
(Wrong checksum in hive file. Box may be corrupted.
) seems to be the workaround.
Steps to Reproduce Opening an encrypted box with a wrong key leads to the wipe of the complete box (= content of *.hive-file is then empty).
I was expecting "undefined behavior" but not a modification of existing data with
openBox()
. I initially wanted to derive a key from user password and wanted to use this as a decryption key.Code sample
Version