Author Topic: Lost master password. How do I recover?  (Read 785590 times)

Offline defaria

  • Jr. Member
  • **
  • Posts: 29
Lost master password. How do I recover?
« on: April 23, 2009, 02:52:53 AM »
This all started when the passwords between my home computer and work computer got messed up. The password generated at home for my Wells Fargo page is different than the password generated at work for Wells Fargo. I usually use the upload/download thing to keep these in sync but that was failing with an error:

Exception: [Exception... "Component returned failure code: 0x80520001
(NS_ERROR_FILE_UNRECOGNIZED_PATH) [nsLocalFile.initWithPath]" nsresult:
"0x80520001 (NS_ERROR_FILE_UNRECOGNIZED_PATH)" location: JS frame ::
chrome://passwdmaker/content/updownload.js :: anonymous :: line 27" data: no]

So I exported my settings from work and imported them at home and things appeared to work. But now they've broken again. So I try to toggle the Mask Generated Password with Asterisks and it prompts for my master password. I type in the only master password I have - the only one I use - and it tells me that that is not the correct master password! Help!!!

Another odd thing is that I don't see any place to enter the master password anymore on the Password Maker Advanced Options dialog box.

« Last Edit: April 23, 2009, 03:01:54 AM by defaria »

Offline tanstaafl

  • God Member
  • ******
  • Posts: 1363
Re: Lost master password. How do I recover?
« Reply #1 on: April 23, 2009, 11:25:50 AM »
Quote
Another odd thing is that I don't see any place to enter the master password anymore on the Password Maker Advanced Options dialog box.

This must be the cause of your problem. The only time it prompts me for my MP is when there is something entered into the MP box when toggling it.

Can you see the 'I use more than one master password' option? Is it enabled?

Can you see the 'Store master password (on disk or in memory)' option? What is it set to?

Can you see the 'Master Password Hash' section? Have you stored the Master Password Hash for whatever account you are on when you try to toggle?

It sounds to me like your RDF file may be hosed... have you tried an older one from your backups (you do keep good backups, right?)?

Offline tanstaafl

  • God Member
  • ******
  • Posts: 1363
Re: Lost master password. How do I recover?
« Reply #2 on: April 23, 2009, 11:28:12 AM »
Oh... and to answer the question in your subject, see this F.A.Q.

Offline defaria

  • Jr. Member
  • **
  • Posts: 29
Re: Lost master password. How do I recover?
« Reply #3 on: April 23, 2009, 02:50:57 PM »
Quote
Another odd thing is that I don't see any place to enter the master password anymore on the Password Maker Advanced Options dialog box.

This must be the cause of your problem. The only time it prompts me for my MP is when there is something entered into the MP box when toggling it.

Maybe it's a Windows vs. Linux thing. Here at home on Linux I see no place to enter theMP. I remember seeing it at work on Windows. I'll report back.

Quote
Can you see the 'I use more than one master password' option? Is it enabled?

Initially no. I tried toggling it on. It didn't seem to do any good.

Quote
Can you see the 'Store master password (on disk or in memory)' option? What is it set to?

Right now it says "Store". Likewise I click on it a few times to try all of the setting. Again, didn't seem to do anything. If I click it now it goes to "Clear" and says "Status of Global Hash Matches".

Quote
Can you see the 'Master Password Hash' section? Have you stored the Master Password Hash for whatever account you are on when you try to toggle?

It says "Master Password Hash" above the "Status of Global Hash Matches". I've both stored and cleared it.

Quote
It sounds to me like your RDF file may be hosed... have you tried an older one from your backups (you do keep good backups, right?)?

If I 1) new where this RDF file typically resides and 2) wasn't going through a major migration from Windows -> Ubuntu complete with a totally new machines then I'd normally say yes. But I can't say yes here. I do have an passwdmaker.rdf under ~/.mozilla/firefox/<profiledir>. But that's dated today...  :'(

Regarding your pointer to the FAQ: But I haven't lost my MP really, in fact I've never changed it! It's always been the same but now password maker says it's wrong. That's what's strange. That and the fact that although I don't know my MP I can currently still use password maker by and large.

Assuming I eventually need to get my MP known again, two question. Firstly - how do I do that? Blow away password maker? Uninstall the extention? What?

Secondly, would I then have to re-establish each and every password I'm using at all of my web sites???
[/quote]
« Last Edit: April 23, 2009, 02:53:22 PM by defaria »

Offline defaria

  • Jr. Member
  • **
  • Posts: 29
Re: Lost master password. How do I recover?
« Reply #4 on: April 23, 2009, 04:57:44 PM »
OK, here at work and I try to download my passwords from my server and I get a dialog box with the oh so helpful message "Error 0x-1"! What's that mean?

I don't see any edit boxes for the MPW so I guess I was wrong there...

I still don't know what my MPW is now nor how to correct this problem. PWM seems to work supplying passwords though.

Offline tanstaafl

  • God Member
  • ******
  • Posts: 1363
Re: Lost master password. How do I recover?
« Reply #5 on: April 23, 2009, 06:05:33 PM »
Hmmm... be careful... apparently you have saved your Master Password to disk, but since you cannot remember it, you cannot toggle any settings that require you to know it...

Since it *is* saved on disk, this is one situation where it just might be possible to somehow 'peek' at the password... but how to do so is beyond me...

Eric?

Offline Eric H. Jung

  • grimholtz
  • Administrator
  • *****
  • Posts: 3353
Re: Lost master password. How do I recover?
« Reply #6 on: April 23, 2009, 08:47:40 PM »
You can get your master password back. Get the encryption key and encryptedMPW from passwordmaker.rdf. This uses AES-256 encryption, so you need an AES-256 decrypter. I think we had an online one I wrote on the passwordmaker.org website. Trying to find it...

Offline Eric H. Jung

  • grimholtz
  • Administrator
  • *****
  • Posts: 3353
Re: Lost master password. How do I recover?
« Reply #7 on: April 23, 2009, 08:49:10 PM »
http://passwordmaker.sourceforge.net/crypt/
I *think* that uses AES-256, but w/o looking at the source code I can't remember for sure.

Offline tanstaafl

  • God Member
  • ******
  • Posts: 1363
Re: Lost master password. How do I recover?
« Reply #8 on: April 23, 2009, 09:35:37 PM »
Cool, thanks Eric... let us know if this works for you defaria...

Offline defaria

  • Jr. Member
  • **
  • Posts: 29
Re: Lost master password. How do I recover?
« Reply #9 on: April 24, 2009, 03:26:39 PM »
I cannot find "encryption key" and "encryptedMPW" in my Passwords.rdf file. I do see "masterPasswordKey" and "masterPassword". I assume that's what you meant.

At http://passwordmaker.sourceforge.net/crypt/ I put masterPasswordKey in the Key edit box and masterPassword in the Cipher Text box. I then click on Decrypt. Nothing happens!  :'(

I can put text in the Plain Text box and encrypt it. I can then decrypt that text. For grins I put in my expected master password (as I said, I'm sure it's the one I used - it's the only one I use for such master passwords typically) and tried to encrypt it.  I then took what it encrypted to and tried to stick it into a copy of Passwords.rdf and import that. It imported. I then tried to enter my master password... No joy! Still says it's wrong.

Note that "masterPassword" and "masterPasswordKey" appear in two sections of my Passwords.rdf file. One appears to be where I define my upload/download domain (defaria.com) and the other is in the global settings section. I dealt only with the later section here.

Offline Eric H. Jung

  • grimholtz
  • Administrator
  • *****
  • Posts: 3353
Re: Lost master password. How do I recover?
« Reply #10 on: April 24, 2009, 05:28:04 PM »
The ones in global settings are the ones to use.

I checked http://passwordmaker.sourceforge.net/crypt/ and it does indeed use AES-256 (hopefully the same block size and mode as the PasswordMaker extension; I didn't check that).

If it's not decrypting, then you need another tool. have you googled for AES decyrpters?

Offline tanstaafl

  • God Member
  • ******
  • Posts: 1363
Re: Lost master password. How do I recover?
« Reply #11 on: April 24, 2009, 05:32:08 PM »
I saved mine to disk and tried it and got nothing either... looks like it is broken for some reason...

I looked for another online tool, but couldn't find a working one...

Offline Eric H. Jung

  • grimholtz
  • Administrator
  • *****
  • Posts: 3353
Re: Lost master password. How do I recover?
« Reply #12 on: April 24, 2009, 05:46:06 PM »
It's not broken, it just does encryption differently than PasswordMaker does for its MPW.

Offline defaria

  • Jr. Member
  • **
  • Posts: 29
Re: Lost master password. How do I recover?
« Reply #13 on: April 24, 2009, 05:50:33 PM »
The ones in global settings are the ones to use.

I checked http://passwordmaker.sourceforge.net/crypt/ and it does indeed use AES-256 (hopefully the same block size and mode as the PasswordMaker extension; I didn't check that).

If it's not decrypting, then you need another tool. have you googled for AES decyrpters?

No, the clock struck 9 Am and I decided it was time to go to work. I'll work more on this tonight when I get home. Thanks guys. Will report back. If I find a way to recover the password it would be good to document that procedure incase somebody else losses there's but has also saved away a copy of their .rdf file with the master password.

You had mentioned backup copies. Where are they normally kept? (Both Windows & Linux...)

Offline tanstaafl

  • God Member
  • ******
  • Posts: 1363
Re: Lost master password. How do I recover?
« Reply #14 on: April 24, 2009, 06:16:19 PM »
Will report back. If I find a way to recover the password it would be good to document that procedure incase somebody else losses there's but has also saved away a copy of their .rdf file with the master password.

I will absolutely be sure that this gets documented, and will give full attribution...

Quote
You had mentioned backup copies. Where are they normally kept? (Both Windows & Linux...)

Wherever you put them... ;)

Passwordmaker doesn't create them automatically... I back mine up daily, and keep 365 copies... so I can go back in time as far as a full year with respect to my rdf file - its that important to me. Thankfully it is tiny and takes up very little space... I also keep this entire rdf file backup directory rsync'd to my online rsync.net backup account (encrypted of course), for disaster recovery purposes.

For me, being forced to give up passwordmaker+firefox would be worse than being forced to giving up broadband and having to go back to dial-up... I couldn't do it...

PasswordMaker Forums

Re: Lost master password. How do I recover?
« Reply #14 on: April 24, 2009, 06:16:19 PM »