TOTP: OTP settings not updated if in invalid format [DATA LOSS] #3142
Comments
|
Can you create a new entry and restart KeePassXC to confirm it sticks? What happens if you don't quit KeePassXC but instead just setup totp again? I am not experiencing this on either OS. Where are you saving your database? |
|
After setting it up it'll work until restart, setup will still show the secret, show will show the correct code. DB is stored on local ssd. |
|
It is likely that the database file is not being saved or is not saving where you think it is. |
|
Since I'm using the option to remember the last used DB I highly doubt it's not where I think it is. I have just figured out the following: |
|
Ahhh ok. So those are from another plugin in the past. Just delete the old settings they are corrupt. Otp should look like a url not a 30;6. |
|
I just tested and it worked fine after deleting this record. |
|
Unfortunately the fix will likely come at the expense of interoperability. The fact we support the 4 different totp "standards" developed for keepass is crazy as is. |
|
At the very least KeePassXC should detect and warn when it can't ensure the secret is correctly saved. |
droidmonkey
changed the title
I agree, at least because this has changed somewhere along 2.4.0 (probably #1167 or #2284) Additionally the "otp" Attribute is parsed differently to other clients, see This is naggy even for users switching from or with keeweb! last but not least: if you copy the value from the otp field but do not delelete it and use the new TOTP setup dialog for custom 30;6 setup, neither in the end: the setup dialog should give a damn good hint that entering a key-URI in the Key / secret field is bad too the other way! Or just should parse it .. |
|
I am totally in favor of eliminating the stupid 30;6 and totp seed fields... Otp string is the preferred route. How many people will lose interoperability though. |
* Fix #3142 - Warn user when entering invalid TOTP secret key. * Fix #773 - The TOTP dialog now listens for the copy shortcut without having to press the Copy button. * Add ability to choose hash algorithm from the TOTP setup dialog * Add upgrade to "otp" attribute when custom attributes are chosen to prevent data loss *
* Fix #3142 - Warn user when entering invalid TOTP secret key. * Fix #773 - The TOTP dialog now listens for the copy shortcut without having to press the Copy button. * Add ability to choose hash algorithm from the TOTP setup dialog * Add upgrade to "otp" attribute when custom attributes are chosen to prevent data loss
* Fix #3142 - Warn user when entering invalid TOTP secret key. * Fix #773 - The TOTP dialog now listens for the copy shortcut without having to press the Copy button. * Add ability to choose hash algorithm from the TOTP setup dialog * Add upgrade to "otp" attribute when custom attributes are chosen to prevent data loss Ran make format
* Fix #3142 - Warn user when entering invalid TOTP secret key. * Fix #773 - The TOTP dialog now listens for the copy shortcut without having to press the Copy button. * Add ability to choose hash algorithm from the TOTP setup dialog * Add upgrade to "otp" attribute when custom attributes are chosen to prevent data loss Ran make format
* Fix #3142 - Warn user when entering invalid TOTP secret key. * Fix #773 - The TOTP dialog now listens for the copy shortcut without having to press the Copy button. * Add ability to choose hash algorithm from the TOTP setup dialog * Add upgrade to "otp" attribute when custom attributes are chosen to prevent data loss Ran make format
* Fix #3142 - Warn user when entering invalid TOTP secret key. * Fix #773 - The TOTP dialog now listens for the copy shortcut without having to press the Copy button. * Add ability to choose hash algorithm from the TOTP setup dialog * Add upgrade to "otp" attribute when custom attributes are chosen to prevent data loss Ran make format
* Fix #3142 - Warn user when entering invalid TOTP secret key. * Fix #773 - The TOTP dialog now listens for the copy shortcut without having to press the Copy button. * Add ability to choose hash algorithm from the TOTP setup dialog * Add upgrade to "otp" attribute when custom attributes are chosen to prevent data loss Ran make format
* Fix keepassxreboot#3142 - Warn user when entering invalid TOTP secret key. * Fix keepassxreboot#773 - The TOTP dialog now listens for the copy shortcut without having to press the Copy button. * Add ability to choose hash algorithm from the TOTP setup dialog * Add upgrade to "otp" attribute when custom attributes are chosen to prevent data loss Ran make format
Expected Behavior
TOTP secrets are persistently stored.
Current Behavior / Steps to Reproduce
Context
This used to work just fine in the past, I don't know which version broke it.
I'm experiencing this both on windows and macos.
fwiw this totp secret has been in my db for a long time before it disappeared, surviving many saves and restarts.
Debug Info
KeePassXC - Version 2.4.1
Revision: 7bafe65
Qt 5.12.2
Debugging mode is disabled.
Operating system: Windows 10 (10.0)
CPU architecture: x86_64
Kernel: winnt 10.0.17763
Enabled extensions:
Cryptographic libraries:
libgcrypt 1.8.4
The text was updated successfully, but these errors were encountered: