This repository has been archived by the owner on Jul 5, 2024. It is now read-only.

Failure in decrypt not assumed to be a wrong password #2

Open
Tsaukpaetra opened this issue Jul 30, 2019 · 2 comments

Comments

@Tsaukpaetra

Console log:

2019/07/30 01:15:13 Found existing device registration
2019/07/30 01:15:13 Authy User ID {{OBFUSCATED}}, Device ID {{OBFUSCATED}}
2019/07/30 01:15:13 Please provide your Authy TOTP backup password:
2019/07/30 01:15:17 Here are your authenticator tokens:

panic: runtime error: slice bounds out of range

goroutine 1 [running]:
github.com/alexzorin/authy.decryptToken({{OBFUSCATED}})
        /home/travis/gopath/src/github.com/alexzorin/authy/crypto.go:110 +0x4bb
github.com/alexzorin/authy.AuthenticatorToken.Decrypt({{OBFUSCATED}})
        /home/travis/gopath/src/github.com/alexzorin/authy/objects.go:175 +0x88
main.main()
        /home/travis/gopath/src/github.com/alexzorin/authy/cmd/authy-export/authy-export.go:71 +0x631

Strange that it was a panic, but there you go. :)

For those who aren't launching the tool in terminal, might include one last "Press any key to exit" prompt, the window just disappears upon completion.

alexzorin added a commit that referenced this issue Jul 30, 2019
@alexzorin
Owner

The decryption panic snuck in when I fixed an earlier decryption unpadding issue, oops. 3eabc63 should fix it.

That said, I think that this error almost certainly means either wrong password or bad data.

Couple of things you can do:

  • Set up the Authy Chrome app and try to decrypt your tokens in there with the same password
  • Run from latest source with AUTHY_DEBUG=1 environment variable set and check if the encrypted_seed+seed it's failing to decrypt looks "normal" or not.

> For those who aren't launching the tool in terminal, might include one last "Press any key to exit" prompt, the window just disappears upon completion.

I guess this is specific to Windows? Makes sense, but I'm not sure if there's a way to tell whether a user ran via "double click" rather than from cmd.exe. It's got a terminal attached either way. I'll have a think.

@Tsaukpaetra
Author

Yeah, I just fat-fingered the password when I discovered it.

The terminal thing might not necessarily be Windows-only, haven't tried it on anything else though. I don't recall if it's possible to know if the program was launched directly or inside the terminal, but I'm betting the answer would be no.
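
The failure mode discussed in this thread, as an added example that is not part of the original thread and is not code from the authy project: a wrong password makes CBC decryption return garbage, and an unchecked `b[:len(b)-n]` on a garbage padding byte `n` panics with "slice bounds out of range", whereas validating the padding first turns it into an error. The function names, the SHA-256 key derivation, the zero IV and the sample seed are assumptions constructed for this sketch.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/sha256"
	"fmt"
)

var errDecrypt = fmt.Errorf("decrypt failed: wrong password or corrupt data")

// unpad validates PKCS#7 padding before slicing, so garbage returns an error, not a panic.
func unpad(b []byte) ([]byte, error) {
	if len(b) == 0 || len(b)%aes.BlockSize != 0 {
		return nil, errDecrypt
	}
	n := int(b[len(b)-1])
	if n == 0 || n > aes.BlockSize || !bytes.Equal(b[len(b)-n:], bytes.Repeat([]byte{byte(n)}, n)) {
		return nil, errDecrypt
	}
	return b[:len(b)-n], nil
}

// cbcBlock keys AES with SHA-256(password): a constructed stand-in KDF (assumption).
func cbcBlock(password string) cipher.Block {
	key := sha256.Sum256([]byte(password))
	block, _ := aes.NewCipher(key[:]) // a 32-byte key is always accepted
	return block
}

func encrypt(password string, pt []byte) []byte {
	n := aes.BlockSize - len(pt)%aes.BlockSize
	out := append(append([]byte{}, pt...), bytes.Repeat([]byte{byte(n)}, n)...)
	cipher.NewCBCEncrypter(cbcBlock(password), make([]byte, aes.BlockSize)).CryptBlocks(out, out) // zero IV: example only
	return out
}

func decrypt(password string, ct []byte) ([]byte, error) {
	if len(ct)%aes.BlockSize != 0 {
		return nil, errDecrypt
	}
	out := make([]byte, len(ct))
	cipher.NewCBCDecrypter(cbcBlock(password), make([]byte, aes.BlockSize)).CryptBlocks(out, ct)
	return unpad(out)
}

func main() {
	fmt.Println(decrypt("corect horse", encrypt("correct horse", []byte("constructed-seed"))))
}
```

A padding check is not an authenticity check: roughly 1 in 256 wrong keys still yields valid-looking padding, so the decrypted seed needs its own sanity check before it is trusted.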
