
Re: [kde] Cannot open kdewallet after upgrade to KDE 4.13.3




Cristian Ogrezeanu posted on Sat, 19 Jul 2014 17:37:41 +0200 as excerpted:

> I regularly copy my ~/.kde/share/apps/kwallet/kdewallet.kwl file to an
> external drive to have a backup if something went wrong. Never had any
> problem until a few days ago when I upgraded from 4.13.2 to 4.13.3.
> After upgrading I went to ~/.kde/share/apps/kwallet to manually backup
> as usual and saw there was a new file named kdewallet.salt, which I had
> never seen before (because it wasn't there before). In a moment of
> "genius" I just deleted that kdewallet.salt file thinking it was just
> some temp file. Clearly I messed up as now I can't open my wallet
> anymore, it won't take my password and fails with "Error code -9: Read
> error - possibly incorrect password.". I can't recover any copy of the
> wallet prior to the upgrade so I'm stuck. All my passwords are in there
> and I know not what to do. I've already tried opening the wallet on a
> system with KDE 4.11 but it fails with "unsuported file revision" or
> something similar. Any ideas anyone ?

I think you may be SOL.

In cryptography, a "salt" is a bit of per-instance random data appended 
to the cleartext before encrypting or digesting it, in order to defeat 
attacks such as rainbow tables, where a known cyphertext can be looked up 
in a pre-computed table to get the cleartext that encrypts to that 
cyphertext.

The idea is that if each instance/site has its own salt, then a rainbow 
table does no good, because the salt effectively randomized the cyphertext 
such that you'd have to have a (large) rainbow table for each salt, as 
well.

So if you lose that salt, you've effectively lost the key to unencrypting 
the cyphertext.

I'm afraid your only possible rescue of that wallet at this point is to 
find either a backup of that salt file, or a backup of the wallet that's 
a version before the salt file was added.  Otherwise, it's likely even 
the NSA would have problems decrypting the thing, which could be 
considered good or bad depending on your viewpoint...

That's one reason why it's always a good idea to keep a cleartext copy of 
your passwords somewhere.  (The stereotypical case is to have a book, 
with say the first sentence of every 5th page starting with page 3, being 
your list of pass-phrases, but unmarked and one of many books on a shelf 
or whatever, so only you know which book it is.  You'd then keep an 
ordered list, perhaps order-scrambled in its own way that only you knew, 
of places you log in in some other location, that can't be tied to the 
book with the passphrases, so that even if the attacker knew you were 
doing something like this, unless the attacker picked up the right book 
and knew your exact scheme, they'd never figure out the passphrase for 
more than, perhaps, a single login.)

-- 
Duncan - List replies preferred.   No HTML msgs.
"Every nonfree program has a lord, a master --
and if you use the program, he is your master."  Richard Stallman

___________________________________________________
This message is from the kde mailing list.
Account management:  https://mail.kde.org/mailman/listinfo/kde.
Archives: http://lists.kde.org/.
More info: http://www.kde.org/faq.html.
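
The salt behaviour described in the reply above, as an added example that is not part of the original message and is not KWallet's code: a key derived from password plus a stored per-wallet salt cannot be re-derived once the salt is replaced, and a precomputed table of unsalted digests misses a salted one. PBKDF2-HMAC-SHA512, the iteration count, the 16-byte salt and the `CHECK` constant are assumptions chosen for this sketch.

```python
from __future__ import annotations

import hashlib
import hmac
import os
from typing import Optional

ITERATIONS = 50_000       # assumed work factor, chosen for this sketch
CHECK = b"wallet-check"   # constructed constant the verifier is computed over

def derive_key(password: str, salt: bytes) -> bytes:
    """Stretch password + per-wallet salt into a 32-byte key."""
    return hashlib.pbkdf2_hmac("sha512", password.encode(), salt, ITERATIONS, dklen=32)

def create_wallet(password: str) -> tuple[bytes, bytes]:
    """Return (salt, verifier); the random salt must be stored beside the wallet."""
    salt = os.urandom(16)
    verifier = hmac.new(derive_key(password, salt), CHECK, hashlib.sha256).digest()
    return salt, verifier

def can_open(password: str, salt: bytes, verifier: bytes) -> bool:
    """True only if password AND salt reproduce the key the wallet was sealed with."""
    candidate = hmac.new(derive_key(password, salt), CHECK, hashlib.sha256).digest()
    return hmac.compare_digest(candidate, verifier)

def precomputed_lookup(digest: bytes, wordlist: list[str]) -> Optional[str]:
    """Stand-in for a rainbow table: unsalted SHA-256 digests computed once, reused."""
    table = {hashlib.sha256(w.encode()).digest(): w for w in wordlist}
    return table.get(digest)

if __name__ == "__main__":
    password = "correct horse"            # constructed sample password
    words = ["letmein", "correct horse"]  # constructed sample wordlist
    salt, verifier = create_wallet(password)
    print("original salt:   ", can_open(password, salt, verifier))
    # A deleted salt file that gets regenerated yields a different key,
    # so the right password is rejected just like a wrong one.
    print("regenerated salt:", can_open(password, os.urandom(16), verifier))
    unsalted = hashlib.sha256(password.encode()).digest()
    salted = hashlib.sha256(password.encode() + salt).digest()
    print("table vs unsalted digest:", precomputed_lookup(unsalted, words))
    print("table vs salted digest:  ", precomputed_lookup(salted, words))
```

For backups this means the salt file and the wallet file form one unit: a copy of either without the other cannot be opened.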