KeePassVault crashed when trying to open my database? #287

Closed
Adhjie opened this issue Dec 2, 2024 · 6 comments

Adhjie commented Dec 2, 2024

Overview

Continuing from:
#286

The bug:
KeePassVault crashed after I entered my password and keyfile, and then clicked 'unlock'.

Expected result:
Database opened.

Additional context, maybe this bug has to do with my encryption settings?
Algorithm is AES 256-bit
Key derivation function is Argon2id
Transform rounds is 2
Memory usage is 1536 MiB
Parallelism is 6 threads

Is there a maximum limit for encryption settings that KeePassVault could handle?

I'm still not sure, so I hope these logcat files will be of use to you to debug with.
Attached logcat files from Logfox app:

KeePassVault_Crash_02_12-06-17-54_199.zip

crash-com-ivanovsky-passnotes-02_12-06-18-29_716.zip

P.S.:
I started to check out other KeePass for Android projects starting from this bug in KeePassDX:
Kunzisoft/KeePassDX#1948
I settled with KeePass2Android for now, until this and that bug are fixed.
Found out about this app from Awesome-KeePass-List/Projects (awesome-list category) on GitHub.

How to reproduce

  1. Press the '+' button on the bottom right.
  2. Click Open File.
  3. I select my database, and then choose password + keyfile option; select my keyfile.
  4. I pressed the unlocked padlock icon
  5. App crashes.

Version

1.9.0

Android Version

Android 12

Device Model

Samsung Galaxy A12

Adhjie added the bug label Dec 2, 2024

@aivanovski
Owner

Hi @Adhjie,

I see a java.lang.OutOfMemoryError in the stack trace you've provided. This indicates that the Android OS cannot allocate enough memory for the application because it is limited by the OS. I suggest tweaking the "Memory usage is 1536 MiB" option to potentially resolve the issue. I also tested password+key unlocking, and it worked in my case.

Out of curiosity, why do you need so much memory for your passwords? KeePassXC has 64 MB as the default value.
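
KDBX 4 keeps the Argon2 parameters in the unencrypted outer header, so a client can read the requested memory before running the KDF and decline cleanly instead of failing with an OutOfMemoryError. The following Python example is added here and is not part of the thread or of KeePassVault's code; the function names, the 256 MiB budget used in its comments and the sample headers are constructed for illustration.

```python
import struct

KDBX_SIGNATURE = bytes.fromhex("03d9a29a67fb4bb5")  # signature 1 + 2, little-endian
KDF_PARAMETERS_FIELD = 11                 # outer-header field with the KDF dictionary
UINT_FORMATS = {0x04: "<I", 0x05: "<Q"}   # VariantDictionary UInt32 / UInt64

def parse_variant_dictionary(blob):
    params, pos = {}, 2                   # skip the 2-byte dictionary version
    while pos < len(blob) and blob[pos] != 0:   # type 0 terminates the dictionary
        (klen,) = struct.unpack_from("<I", blob, pos + 1)
        key = blob[pos + 5:pos + 5 + klen].decode("utf-8")
        (vlen,) = struct.unpack_from("<I", blob, pos + 5 + klen)
        raw = blob[pos + 9 + klen:pos + 9 + klen + vlen]
        fmt = UINT_FORMATS.get(blob[pos])
        params[key] = struct.unpack(fmt, raw)[0] if fmt else raw
        pos += 9 + klen + vlen
    return params

def read_kdf_parameters(data):
    """Read the KDF parameters from the unencrypted KDBX 4 outer header."""
    if data[:8] != KDBX_SIGNATURE:
        raise ValueError("not a KDBX file")
    if struct.unpack_from("<H", data, 10)[0] != 4:   # major version
        raise ValueError("only KDBX 4 headers carry a KDF dictionary")
    pos = 12
    while pos + 5 <= len(data):
        field_id, size = struct.unpack_from("<BI", data, pos)  # 1-byte id, 4-byte length
        if pos + 5 + size > len(data):
            raise ValueError("truncated header field")
        if field_id == KDF_PARAMETERS_FIELD:
            return parse_variant_dictionary(data[pos + 5:pos + 5 + size])
        if field_id == 0:                 # end-of-header field
            break
        pos += 5 + size
    raise ValueError("KDF parameters not found")

def check_memory_budget(data, budget_mib):   # returns (fits, requested_mib), derives no key
    requested_mib = read_kdf_parameters(data).get("M", 0) // (1024 * 1024)  # "M" is in bytes
    return requested_mib <= budget_mib, requested_mib

def build_sample_header(memory_mib, iterations, parallelism):
    """Constructed sample: signature, version, KDF field and end field only."""
    def entry(vtype, key, value):
        return bytes([vtype]) + struct.pack("<I", len(key)) + key + struct.pack("<I", len(value)) + value
    vd = (b"\x00\x01" + entry(0x05, b"M", struct.pack("<Q", memory_mib << 20))
          + entry(0x05, b"I", struct.pack("<Q", iterations))
          + entry(0x04, b"P", struct.pack("<I", parallelism)) + b"\x00")
    return (KDBX_SIGNATURE + struct.pack("<HH", 0, 4)
            + struct.pack("<BI", KDF_PARAMETERS_FIELD, len(vd)) + vd + struct.pack("<BI", 0, 0))
```

With a hypothetical 256 MiB budget, `check_memory_budget(build_sample_header(1536, 2, 6), 256)` reports that the 1536 MiB setting from this issue does not fit, while the 64 MiB setting does.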

Author

Adhjie commented Dec 2, 2024

I was basing it on this:
https://www.reddit.com/r/KeePass/comments/10ahzkm/keepass_vs_keepassxc_worried_about_security

But yeah, I think I should take into account when my phone has many apps open. I was basing it on my phone's maximum available memory and it still crashed, so I turned it down until I reached 1536 MiB, and it doesn't crash in KeePassDX, KeePassXC, and now KeePass2Android. I will copy my database, empty the copy, then try to tone down the encryption settings until KeePassVault can open it. BRB.

@aivanovski
Owner

I may not understand some core principles of KeePass correctly, but here is my understanding of it:

  • Memory usage: is kind of a useless thing. If only passwords are stored, then the file size could vary up to a couple of dozen kilobytes (my personal db is 40 kB). Once such a file is loaded, it will stay in memory.
  • Transformations: also a useless thing. The number of transformation rounds is not encrypted with the master key; any attacker could read it. All that you need is at least 1 round, but for example for my personal db I use the default, 6000 rounds.
  • Encryption key: the most important thing. The key should be as strong as possible. Weak key - weak protection (or even no protection at all, if the password is one of the most common passwords), strong key - strong protection.

Please, feel free to destroy my illusions regarding these principles 😄

Author

Adhjie commented Dec 2, 2024

Alright, after revisiting all the links from that Reddit post, the basic guideline should be:
Parallelism should be equal to the logical processors in Windows, or it means multi-thread, thus the number of CPU cores times 2.
Memory value should be the weakest memory value among the user's devices divided by 2, and decrease it until the database doesn't crash.
Iterations, for a medium setting, should produce a 3-second wait in KeePass' 'test' button test. Since this uses the computer's spec, this should be lowered since it'll be longer on a phone.

With that all said, KeePassVault works with these settings:
(I got tired of adjusting the memory and just opted for the iOS maximum memory value to get the autofill feature working: 64 MiB, and just decreased the iterations from there. Parallelism is 4 because my phone is octa-core [4 CPU cores, IDK if my phone supports multi-thread, so I just set it to 4])
(The values could be higher but adjusting them takes time and I'm busy, so I'll settle with these values)

  • Iterations: 9
  • Memory: 64 MiB
  • Parallelism: 4

The database attached below is my main database but with all the real entries deleted, leaving only the test entry remaining:
(hmm, GitHub doesn't support .kdbx and .keyx for keyfile attachments, I'll link the Gdrive download link here then. Password + Keyfile)
[Link to database: Redacted; for security reasons, the explanation about the guideline on calculating encryption settings that I describe above should be enough for future viewers.]

Master Password_test:[Redacted]

Keyfile in the link:

This solved the cause of this bug. Feel free to close after testing my test database/vault.

@aivanovski
Owner

@Adhjie it is better to delete the database from here; after deleting entries, some garbage may still be inside the file.

Author

Adhjie commented Dec 2, 2024

@aivanovski Okay, I have redacted the link and password from my GitHub comment. Yeah, I know. I saw the file history on my master password entry still records snapshots since I made it. I have deleted the file history but since this is done, I guess, test database is not needed anymore. Thanks for the heads up.
