search

subdavis / Tusk

šŸ˜ šŸ”’ KeePass-compatible browser extension for filling passwords.
https://subdavis.com/Tusk
Other
475 stars 73 forks source link

Big Argon2 memory setting causes "Incorrect password or keyfile" error #268

Open MalcolmEvershed opened 5 years ago

MalcolmEvershed commented 5 years ago

Bug report

Steps to reproduce - current behaviour

dbs.zip

  1. Try to unlock test-bad.kdbx using the password password and Tusk will give the error Incorrect password or keyfile. The KDBX is configured to use Argon2 with 8 iterations, 128MB of memory, parallelism of 8.
  2. Try to unlock test-good.kdbx using the password password and Tusk will take a while, but it will be able to unlock the database. The KDBX is configured to use Argon2 with 8 iterations, 64MB of memory, parallelism of 8. It differs from test-bad.kdbx by requiring less memory.

What is the expected behaviour

test-bad.kdbx should have been able to be unlocked. Or, a better error message should have been shown, perhaps "out of memory" or something suggesting that the memory setting of the file was too high.

Additional remarks

This is on a Chromebook with 2GB of RAM. MemFree: 440332 kB, MemAvailable: 764108 kB.

KeePass clients on Android devices with only 1GB of RAM are able to open test-bad.kdbx.

Environment

Operating System: Chrome OS 69.0.3497.120 (Official Build) (64-bit)

Browser vendor and version: Google Chrome

Storage Provider: File System

subdavis commented 5 years ago

Million Dollar Question:

Can you open it with app.keeweb.info?

I'll check when I get to a computer, but this will tell us if it's My fault or the Argon2 wasm library's fault.

MalcolmEvershed commented 5 years ago

It opens successfully with app.keeweb.info. It takes a while after entering the password, but eventually succeeds.

With Tusk, after entering the password, an error is returned right away.

subdavis commented 5 years ago

That's good news. Thanks for the report.

Solverz-0 commented 5 years ago

That's good news. Thanks for the report.

I still expereince this exact error!

gowon commented 5 years ago

Also experiencing the same error with a pass + key database with the following configuration:

The same database can be opened in Keeweb (also takes a few spins to unlock, but always successful).

bigalgeorge commented 4 years ago

Im finding that the extension on FF despite setting 'until browser exits', each time click on icon there is a 4 second delay while 'unlocking ???.kbxc' which is a dropbox file.