keepassxreboot / keepassxc

KeePassXC is a cross-platform community-driven port of the Windows application “Keepass Password Safe”.
https://keepassxc.org/

Problem switching database to Argon 2id #5922

Closed basbebe closed 3 years ago

basbebe commented 3 years ago

Overview

I have an existing database which uses Argon2d which I would like to change to Argon2id. However, writing seems not to be possible and / or no changes take place.

Steps to Reproduce

  1. Go to database settings, change KDF from Argon2d to Argon2id
  2. Press YubiKey when asked
  3. Red banner appears: could not write database. Hardware key in use (in German)
  4. Press YubiKey again when asked
  5. Nothing happens
  6. Close database, open again: no change of KDF

When disabling hardware key authentication and going through the process, no red banner appears; it seems like nothing is happening.

Expected Behavior

change KDF to Argon2id

Actual Behavior

nothing happens

Context

The folder the database file lies in is synced via Syncthing. Disabling Syncthing and / or Networking doesn't change anything. Disabling secure save (?) doesn't change anything.

KeePassXC - Version 2.6.3 Revision: beae186

Operating System: macOS 11.1 Big Sur

phoerious commented 3 years ago

I cannot reproduce this at all. But what I can reproduce is a bug in the settings, which keeps showing Argon2d after changing the KDF, even though the database is using Argon2id. It's just a display bug. If you try opening the database with an older version, you will get an error that an unsupported KDF is being used.

The YubiKey error seems unrelated to the issue you are reporting.

basbebe commented 3 years ago

Thank you for pointing that out!

You're right: Strongbox (iOS) seems to not be able to open the database.

Just because I haven't found any reference or documentation on this:
Which KDF will my created KeeShare files use?
Is there a way to set it?

phoerious commented 3 years ago

The default is still Argon2d.

basbebe commented 3 years ago

> The default is still Argon2d.

So all KeeShare files I create will use Argon2d for the time being?
Thanks!

droidmonkey commented 3 years ago

No, KeeShare actually creates KDBX 3.1 using AES with 10000 rounds. Something I'll be changing in 2.7.0.

basbebe commented 3 years ago

> No, KeeShare actually creates KDBX 3.1 using AES with 10000 rounds. Something I'll be changing in 2.7.0.

Yes – I just checked and observed the same thing.

Thank you!

utaxiu commented 3 years ago

Right now I updated to the latest 2.6.4 release using Snap on Ubuntu 20.04 but I am still experiencing exactly the same issue as @basbebe. I am also using YubiKey for 2FA.

Any ideas?

Thanks :)

phoerious commented 3 years ago

I cannot reproduce this on Windows at all.
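
Since the settings dialog can show the wrong KDF, and KeeShare containers were reported above to be KDBX 3.1 with AES and 10000 rounds, the KDF a saved file really uses can be read from its unencrypted header. This is an added example, not code from KeePassXC or from anyone in this thread; it assumes the publicly documented KDBX 3.1/4 header layout, and `kdf_info`, `variant_map` and `SAMPLE_KDBX3` are illustrative names and constructed data.

```python
import struct
import uuid

# KDF identifiers defined by the KDBX format (stored as raw 16-byte UUIDs)
KDF_NAMES = {
    uuid.UUID("c9d9f39a-628a-4460-bf74-0d08c18a4fea"): "AES-KDF",
    uuid.UUID("ef636ddf-8c29-444b-91f7-a9a403e30a0c"): "Argon2d",
    uuid.UUID("9e298b19-56db-4773-b23d-fc3ec6f0a1e6"): "Argon2id",
}
SIGNATURE = bytes.fromhex("03d9a29a67fb4bb5")  # two little-endian magic words
# Constructed sample: minimal KDBX 3.1 header start with TransformRounds = 10000
SAMPLE_KDBX3 = SIGNATURE + bytes.fromhex("01000300") + b"\x06" + struct.pack("<HQ", 8, 10000)


def variant_map(data):
    """Parse a KDBX 4 VariantMap into {name: raw value bytes}."""
    items, pos = {}, 2  # skip the 2-byte map version
    while data[pos] != 0:  # entry type 0 terminates the map
        klen, = struct.unpack_from("<i", data, pos + 1)
        key = data[pos + 5:pos + 5 + klen].decode()
        vlen, = struct.unpack_from("<i", data, pos + 5 + klen)
        start = pos + 9 + klen
        items[key] = data[start:start + vlen]
        pos = start + vlen
    return items


def kdf_info(blob):
    """Return (major_version, kdf_name, rounds_or_iterations) from header bytes."""
    if blob[:8] != SIGNATURE:
        raise ValueError("not a KDBX file")
    major, = struct.unpack_from("<H", blob, 10)  # minor is at offset 8
    len_fmt = "<I" if major >= 4 else "<H"  # field length is 4 bytes in KDBX 4
    pos = 12
    while True:
        field_id = blob[pos]
        size, = struct.unpack_from(len_fmt, blob, pos + 1)
        start = pos + 1 + struct.calcsize(len_fmt)
        value = blob[start:start + size]
        pos = start + size
        if major >= 4 and field_id == 11:  # KdfParameters (VariantMap)
            params = variant_map(value)
            kdf_id = uuid.UUID(bytes=params["$UUID"])
            cost = params.get("I") or params.get("R") or b""  # Argon2 / AES key
            return major, KDF_NAMES.get(kdf_id, str(kdf_id)), int.from_bytes(cost, "little")
        if major < 4 and field_id == 6:  # TransformRounds (KDBX 3.x is AES-KDF only)
            return major, "AES-KDF", int.from_bytes(value, "little")
        if field_id == 0:  # end-of-header marker reached without a KDF field
            raise ValueError("no KDF field in header")
```

Calling `kdf_info(open(path, "rb").read(4096))` on a real database only touches the plaintext header, so no password or hardware key is needed.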