Closed
Bug 443527
Opened 17 years ago
Closed 16 years ago
Wizard: Passphrase verification fails when there is no data on the server
Categories
(Cloud Services :: General, defect)
Cloud Services
General
Tracking
(Not tracked)
RESOLVED
DUPLICATE
of bug 506141
1.0
People
(Reporter: hello, Assigned: anant)
Details
If one connects via WebDAV and deletes all files on the server, then re-runs the setup wizard, it will fail to verify the passphrase. This is because it is attempting to verify the passphrase, but there are no files on the server.
The problem is that the passphrase verification method attempts to download the user's private key, but fails (because there is nothing there). It then returns false (incorrect passphrase) instead of throwing an exception of some sort.
|
||
Comment 1•17 years ago
|
||
Is there a work around for this?
Maybe a script to manually generate/upload the keys?
Also doesn't leaving the private key on the server along with the encrypted data make the data less secure?
You only need to brute force the passphrase and not the RSA key.
There should be an option to move the keys to the other machine bypassing the webdav storage provider.
|
Reporter | |
Comment 2•17 years ago
|
||
This is partially fixed now. I've hacked verifyPassphrase() to succeed when there are no keys on the server. We only use it from the wizard, and know the keys will be created later in the wizard.
However, I'm leaving this bug open for the more long-term fix of throwing/erroring with a specific error, which calling code can then catch and distinguish from 'wrong passphrase'.
|
||
Comment 3•17 years ago
|
||
I have the same problem even with Weave 0.2.4. New weave installation on my third computer and the passphrase verification cannot be completed.
|
|
||
Comment 4•17 years ago
|
||
Dunno if it is the same problem, but that helped for me:
Go to about:config and change the following key from "nobody" to your username:
extensions.weave.username
You'll now get the regular login popup instead of the wizard.
|
||
Comment 5•17 years ago
|
||
(In reply to comment #4)
> Dunno if it is the same problem, but that helped for me:
>
> Go to about:config and change the following key from "nobody" to your username:
> extensions.weave.username
> You'll now get the regular login popup instead of the wizard.
>
Observations:
Confirming this works on Weave 0.2.5, Ubuntu 8.04, Linux 2.6.24-19-generic #1 SMP Fri Jul 11 23:41:49 UTC 2008 i686 GNU/Linux.
I'm also confirming the problem exhibits again if I revert the entry back to 'nobody', the default.
Background:
There were some other encryption related dependency problems under Ubuntu which (I think) were solved circa 10 days ago/Weave 0.2.2 - 0.2.4. While wrestling with those problems, in the Weave preferences, I had "Reset Login", "Reset Server Lock" and "Reset Server Data". I assume the "Resets" deleted all my data (if there was any) on the server. Subsequently, I was not able to successfully login to Weave or the server (https://services.mozilla.com/user/USERNAME/). The starting state of data on server was unknown. I am using the same account created with release of Weave 0.2.0 -- No additional user accounts were created or harmed during the production of this film.
Conjecture:
Using the stated solution, I believe the problem lies with the wizard.
More:
I have only tested this solution on Weave 0.2.5; nothing prior.
I have Weave log files available for review, if requested.
I have not been able to test on 'additional' systems yet.
|
|
Reporter | |
Comment 6•17 years ago
|
||
To my surprise, you are correct. This bug is not yet fixed, and my 'partial' fix from comment #2 will actually only work in limited circumstances (which fooled me into believing it was fixed).
|
|
||
Comment 7•17 years ago
|
||
Update (to comment #5):
Using solution from comment #4 I have run Weave 0.2.5 successfully on 2x Ubuntu 8.04; 1x Win XP SP3 boxen. In all cases, I was unable to proceed beyond verify passphrase (server timeout) without having first changed the username in "about:config".
Initial synchronization on all 3 systems took awhile. 1st box ~20 mins, 2nd & 3rd boxen ~5 mins each. Once this is completed, all subsequent syncs are quick (<90 sec).
|
|
Reporter | |
Updated•17 years ago
|
No longer blocks: 468689
Summary: Passphrase verification fails when there is no data on the server → Wizard: Passphrase verification fails when there is no data on the server
Target Milestone: 0.3 → 0.4
|
|
Reporter | |
Updated•16 years ago
|
Target Milestone: 0.4 → 0.5
|
|
Reporter | |
Updated•16 years ago
|
Target Milestone: 0.5 → 1.0
|
||
Updated•16 years ago
|
Component: Weave → General
Product: Mozilla Labs → Weave
|
||
Updated•16 years ago
|
QA Contact: weave → general
|
|
||
Comment 8•16 years ago
|
||
Dan, does this matter now that we have a server component?
|
Assignee | |
Updated•16 years ago
|
Status: NEW → RESOLVED
Closed: 16 years ago
Resolution: --- → FIXED
|
|
Assignee | |
Updated•16 years ago
|
Assignee: nobody → anant
|
||
Comment 9•16 years ago
|
||
Was hard to track down which bug to dupe to; no bug number on the commit:
http://hg.mozilla.org/labs/weave/rev/914ac9f7acf1
Resolution: FIXED → DUPLICATE
You need to log in
before you can comment on or make changes to this bug.
Description
•