Password is not being used for derivating encryption key #11
Comments
davidmigloz
changed the title
|
The stretched password was not being added to the input key material array. |
|
But the fix implies that if someone was using password is not going to be able to decrypt the data anymore :$. Can we migrate the data somehow? |
|
Hi David thx for the PR. That looks bad :( I will think about if migration is feasible, otherwise we will have to bump the major version and maybe provide a workaround. |
Fix Password is not being used for derivating encryption key #11
|
Maybe for future migrations, we can start storing the protocol version in the same way the storage salt is stored. So then we can easily check when the protocol version has been bumped and apply the proper data migration. Because currently I have no idea how we can detect it. What do you think? |
|
I fear the app developer would need to track the migration (e.g. the have a migration flag for all the key/value pairs with user PW, the first time the value is accessed read it with password = null, then write it with the correct pw) I will release a new version today with a note on the issue and probable migration issues. |
|
For today there is a 0.5.0 release. Will think about a solution regarding migration the next couple of days. |
|
Perfect. Thanks Patrick. |
|
We could use the changing password feature #13 to make the migration easier. It would be changing from empty password to the user password. |
|
Good idea, this would make it more simple. |
The user provided password is supposed to be used to derivate the encryption key. However, it seems that currently is not being used.
How to reproduce:
-> You are able to retrieve the plain data
The text was updated successfully, but these errors were encountered: