HMAC mistmatch error despite correct password and no obvious cause of corruption #6728
Comments
|
Can you reproduce this issue on a brand new database? |
No, it works completely fine if I make a new one. |
|
If you can no longer open a known good backup then it could very well be a hardware issue. About how long does it take to unlock your database? We have seen times where bad RAM or some other hardware fault causes the key derivation process to fail. When you open a database and lock it without making changes there is no reason why it couldn't be opened again with the same credentials. We do not write to the file unless saved. |
|
To open a fresh database it only takes roughly 1.3 seconds. I'm thinking that maybe google drive has messed me over somehow and managed to corrupt my files. Is there any guides that would walk me through the process of checking my hardware components for failures? Also, despite searching google I wasn't able to find if there was some kinda of database repairer or something similar for KeePassXC. Does this exist? |
|
Alright, something weird just happened. I randomly tried to access the May 3rd version of the database and it let me in. I then (fortunately) exported my database as a CVS just in case it broke again, which of course it did, with it going back to giving me a HMAC mismatch error as soon as I locked the database (perhaps my database file is being haunted by a demon?). So luckily I now have a CVS file of a large chunk of my passwords, but this still doesn't explain the strange behavior of the database files. It would be important to note that all the database files that have been showing this weird behavior have been downloaded from Google Drive. |
|
If you can successfully open the DB again, try saving it to a new location (make a small change if necessary). That will create a fresh DB file. There's a known issue with remote storage on Linux. Not sure if there's a similar one on WIndows. Try working locally just to be sure. (By "downloaded from Google Drive", do you mean copied to an unsynced folder before opening, or do you open from the Google Drive folder directly?) To test for hardware issues, the simplest method is try to open the file on another PC. You can also try the original KeePass or other compatible variants. |
How long does your real database take? You could have made your encryption settings way too hard. |
|
I am seeing this same error with a local copy of a Keepass database that worked just fine and wasn't open the last time I did a hard reset on this machine. $ file Passwords.kdbx Other information... KeePassXC - Version 2.6.4
Revision: 34a78f0
Qt 5.15.2
Debugging mode is disabled.
Operating system: Slackware 15.0 x86_64
CPU architecture: x86_64
Kernel: linux 5.13.2
Enabled extensions:
- Auto-Type
- Browser Integration
- SSH Agent
Cryptographic libraries:
- libgcrypt 1.9.3 |
|
Alright, so the error has occurred again. As I mentioned earlier, I was able to get a CVS file and retrieve most of my passwords back. After that, I imported the CVS into a new database in KeePassXC. Everything was working perfectly fine until yesterday, where it inexplicably locked me out again, giving my a HMAC error. Just to clarify, this is a new database, I am 100% certain that I didn't forget the password, yet the same issue as before has occurred again. Answers to some unanswered questions from earlier posts From @michaelk83:
The former; I downloaded to my documents folder on my HDD and then opened it. From @droidmonkey:
Roughly the same amount of time, and additionally I don't recall every fiddling with those settings as I'm not too into the technical side of KeePassXC. |
|
Your computer is definitely corrupting the database file on save. This can happen with bad RAM or faulty hard drive. The bigger the database and longer the encryption time takes, the more likely you'll run into this problem. On our end, we really should be verifying the HMAC integrity on save to confirm the file is valid before sending you off on your way. I am going to consider this change moving forward. |
|
Is there any way to detect what component specifically is causing issues? |
|
The memory test returned the message: "The Windows Memory Diagnostic tested the computer's memory and detected no errors". |
|
It's probably not your hard drive. I see you have two anyway, you could switch which one you are using and see if it persists. Are you overclocking your CPU? |
No, I haven't made any modifications to any of my components beyond the initial building of it. |
|
The common link is Google Drive at this point. Where else are you opening the database? Are you using mobile apps? Is your laptop at fault perhaps? For reference the HMAC error means that the header of the database is intact and readable, but the transformed database key doesn't match what was expected. This means either the key data is being written incorrectly or the header is corrupted in specific parts. |
|
I did have it setup so I could access my database on my Android phone through Google Drive via the app KeePassDX, however I rarely did this and only accessed it I think twice in total. Either than my phone, my desktop was the only place I use KeePassXC. Also, the fact that the CVS imported database that I stored on my hard drive got corrupted rules out Google Drive being the main issue. |
|
Gotcha, I thought you had that on Google Drive too. |
|
In my case, I am not using Google Drive and I am not running under windows. Local filesystem for the database. $ uname -a
Linux noneof.your.business 5.13.4 #1 SMP Tue Jul 20 20:14:47 CDT 2021 x86_64 AMD Ryzen 5 2500U with Radeon Vega Mobile Gfx AuthenticAMD GNU/Linux |
|
I just foind out and I'm now writng a issue for it... but if you have key file from windows and try to open that database in linux it wont work. |
|
@droidmonkey , from above:
Is this done? Maybe open a separate issue for it? |
|
Yah that needs to be a separate issue... and done. |
|
Issue here: UPDATE: Version: 2.4.3 Enabled extensions:
Linux Minx 20.3 |
|
Make sure you don't put anything in the "Key File" field, unless you actually use a key file (which is not your KDBX). |
|
Really, that must've been my mistake, setting the DB as key file - problem solved! |
Overview
I have been using KeePassXC since roughly May of this year with no problems. I originally stored my database file on my hard drive for about 1 week, however moved it onto google drive on the 3rd of May.
It worked fine up until the 11th of this month, which was when I started getting a HMAC mismatch invalid credentials error. This puzzled me, as I was sure beyond reasonable doubt that my password was correct and I hadn't changed it. Nothing else strange has happened on my computer so I have been struggling to find a reason for it to get this error.
After getting the error, I managed to retrieve a backup from Google Drive dated May 3rd, which let me access it again. However, I closed KeyPassXC (therefore locking the database) and when I tried it again it produced the same HMAC mismatch error despite being created and not modified before the possible corruption occurred. Re-downloading this old version, again, produces a HMAC mismatch error.
So far I have tried:
Steps to Reproduce
Expected Behavior
Database opens without error and I can access all my saved passwords.
Actual Behavior
Database displays the following error message:
Context
Computer Specs:
GPU - GeForce GTX 1650, 4 GB
CPU - AMD Ryzen 5 2600, 3.4 GHz, 6-Core
SSD - Kingston A400, 120 GB, 2.5"
HDD - Seagate Barracuda Compute, 2 TB, 3.5", 7200RPM
Ram - Corsair Vengeance LPX, 16 GB (2 x 8 GB), DDR4-3000, CL15
KeePassXC - Version 2.6.6
Revision: 9c108b9
Qt 5.15.2
Debugging mode is disabled.
Operating system: Windows 10 Version 2009
CPU architecture: x86_64
Kernel: winnt 10.0.19043
Enabled extensions:
Cryptographic libraries:
The text was updated successfully, but these errors were encountered: