lazyuser / secrets-for-android

Automatically exported from code.google.com/p/secrets-for-android
0 stars 0 forks source link

restore from backup doesn't work #114

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
What steps will reproduce the problem?
1.accidentally hit reset password
2.lose all existing passwords, then attempt to restore from backup
3.fail

What is the expected output? What do you see instead?
"Restore Succeeded" is reported. but no passwords appear. 

What version of the product are you using? On what operating system?
2.1 on a galaxy ace. initially was using an older version (don't remember 
which) and got the same result. then upgraded and also failed. also tried it in 
the android sdk and replicated the experience. 

Please provide any additional information below.
If a fix for this could be expedited, I would be most grateful indeed. 

Original issue reported on code.google.com by sreekar....@gmail.com on 5 Feb 2012 at 6:02

GoogleCodeExporter commented 9 years ago
Sorry you are having trouble with secrets.  Can you tell me how you 
accidentally reset your password?  I put in confirmation dialogs and warnings 
to prevent such accidents, so I am curious. 

Resetting your master password does not delete the backup that you have 
performed.  It only resets the program's internal state.

Restore only works iff:

1. you performed at least one backup before your password was reset (secrets 
actually nags you to do this), and
2. you didn't do another backup after your password was reset (this would 
overwrite any existing backup).

Assuming you did not do the latter, do you know if/when you performed your last 
backup?  Can you tell me the size of the backup file in bytes?  The file is 
called 'secrets' and can be found in the root directory of your SD card.

There should not be any issues with restoring from an older version.  The file 
format has changed twice since secrets was released, and the most current 
version can restore from any of these formats.

I am not able to replicated this problem.  If you can provide detailed repro 
steps, I can try again.  I did the following:

Repro steps:
- installed v.1.9.4
- created some secrets and performed a backup
- reset the master password
- installed v.2.1
- created the exact same master password as before
- used the restore menu item and chose the secrets file on the SD card
- was asked for the password and typed it again

Result:
Secrets restored successfully.

Original comment by ro...@tawacentral.net on 5 Feb 2012 at 7:28

GoogleCodeExporter commented 9 years ago
First of all let me thank you for your rapid reply. Your email made me look
a little more closely at what was happening and I was successfully able to
restore all of my passwords.

Let me address various points.

(1) As far as how I accidentally hit the reset, I was in a car and the road
was fairly bumpy. That's all it took for me to hit the 'menu' softkey, hit
'reset password', and agree to the reset. Quite a freak thing. It would've
been great if, upon confirming to reset the password, the user exited the
application rather than typed in a new password, the app would return to
it's original state rather than insisting that a reset be done (this
comment refers to an older version of secrets).

(2) Please ignore my remark that I could replicate the experience in the
android sdk. What secrets said in the android sdk was 'unable to read
file', the point being: the secrets apk I used was a much older version
(1.7) than the version (1.9 I think) used to make the secrets file I tried
to open it with.

(3) I initially tried to restore from /sdcard/secrets itself. What I didn't
notice when I filed the bug report was that the secrets app zeroed out the
file /sdcard/secrets upon resetting the password. I keep an up to date copy
of this file in my dropbox as a backup in case I lose my phone. So I just
copied my backup copy of /sdcard/secrets from dropbox and restored from
that.

(4) some suggestions regarding the backup / restore functionality

(4.1) since I was aware of the existence of the file /sdcard/secrets, I
tried to restore from that upon resetting the password. But that file had
been zeroed out by the reset. this caused me to believe that secrets was
broken.

(4.2) I had believed that I could use the android sdk to recover my
passwords from my backup copies of the /sdcard/secrets file. This proved to
be a difficult and awkward procedure. Suppose a user loses his phone but
keeps a copy of /sdcard/secrets in his dropbox or on his laptop. Wouldn't
it be ideal if that user had immediate access to all of his passwords
without the need to get a new phone (or without the need to try to use the
android sdk)? Why not make the file format of /sdcard/secrets an encrypted
csv file (encrypted with something widely available, like openssl). Then
with some instructions on your website, the user could recover all of his
data immediately. The point is, it would be better if the user were less
"locked in" to the secrets app, especially in the eventuality that he loses
his phone.

Thanks!
Sreekar

Original comment by sreekar....@gmail.com on 7 Feb 2012 at 2:01

GoogleCodeExporter commented 9 years ago
Glad to hear you are up and running again Sreekar.  To answer your points:

1. Yeah, that's a pretty freaky situation.

2. Done.

3. Secrets does *not* zero out the backup file on reset.  If it was zeroed out, 
something else did that.  Alternatively, if you manually performed a backup 
from secrets after re-entering your new password but before restoring your 
secrets, then the backup would have been overwritten.

4.1 That does work.  If you look at my repro steps in comment #1, that is 
exactly what I did.

4.2 The code is open source, so writing a desktop tool to decrypt the secrets 
is pretty easy (for a developer at least :-) ).  I haven't done anything like 
you suggest because I want to work on a better desktop-mobile sync solution, 
and don't want to support a temporary mechanism in the mean time.

For those that loose their phone, secrets backs up your data to your online 
Google account, so getting a new phone and setting it up with the same Google 
account will restore the app and its data.

Secrets does not lock users in for two reasons: a) its possible to use the 
export feature at any time to move your secrets to another password manager, b) 
the code is open source sourced so a developer can easily write apps that can 
read and write secrets' data format.

I will close this issue since you restored your data, but feel free to open 
other issue for specific bug report/feature requests.  Thanks!

Original comment by roge...@google.com on 7 Feb 2012 at 6:22