invalid master password after android converted vault to opvault format

osarias7

@peri thank you

peri

Thanks @osarias7. One more question (and for @Stovies as well), to the best of your knowledge, do you think that your Master Password was changed from Android before December of 2016, or was it more recent than that?

osarias7

@peri for me it was more recent than that. I believe it was a few months ago.

peri

@randaltw Do you recall if you had changed your Master Password from 1Password for Android in the past? If so, and if you remember the old Master Password, are you able to unlock with that one? Also, do you happen to know if the Master Password change was prior to December 2016?

ref: VBN-56895-839

peri

@osarias7 Thank you for the info. I have reported this to our developers so they can look into it. For now, can you launch 1Password on Windows, open the OPVault folder with your old Master Password, and then change the Master Password again? Are you able to unlock 1Password on Android with the new one after?

Stovies

@peri I haven't changed the master password in some time and have no idea what it was prior to December 2016. Additionally, the password has never been changed in Android, only from Windows.

peri

Thanks @Stovies. I'd like to ask you to create a diagnostics report from your Android device:

Sending Diagnostics Reports (Android)

Attach the diagnostics to an email message addressed to support+android@agilebits.com.

With your email please include:

• A link to this thread: https://discussions.agilebits.com/discussion/95217/cannot-open-vault-after-updating-android-app#latest
• Your forum username: Stovies

That way I can "connect the dots" when I see your diagnostics in our inbox.

You should receive an automated reply from our BitBot assistant with a Support ID number.  Please post that number here so I can track down the diagnostics and ensure that this issue is dealt with quickly. :)

Once I see the diagnostics I'll be able to better assist you. Thanks very much!

randaltw

So I did some more testing Saturday.

I uninstalled 1Password7 from Andriod.
I renamed Dropbox/Apps/1Password.opvault to 1Password.opvault.bak0
I renamed Dropbox/Apps/1Password.legacyagilekeychain to 1Password.legacyagilekeychain.bak0
I copied Dropbox/Apps/1Password.legacyagilekeychain.bak0 to 1Password.agilekeychain.
I opened 1Password.agilekeychain from a computer and changed the master password to something short and simple.
I reinstalled 1Password7 from the Google Store.
I was able to successfully open the 1Password.agilekeychain on Android during install, it successfully converted to opvault format, and I was also able to successfully open the opvault format after successful conversion using the short and simple master password.

So all good to that point and I'm sure if I wanted to keep the master password short and simple, I could have moved on with my life at this point.

But then on Android, I went to settings and security inside the app and changed the master password back to my more complex password. This password is not crazy complex but does contain 4 ascii special characters all in a row. And that is when things went bad again. It allowed me to successfully make the password change, but now I can no longer use that password to unlock.

So there is definitely something different about the way the old vault code and the new vault code hashes out and handles decrypting passwords where one works and one doesn't for some special characters (or maybe more accurately, some number of special characters all in a row).

peri

@randaltw @osarias7 I went ahead and merged these two threads to keep this discussion happening in one place. :)

Thanks for the helpful information on this issue. We've discovered the source of the issue, and we plan to have a fix out in a coming update. Let me explain what happened here.

When you enable Fingerprint Unlock on Android, 1Password stores an encrypted version of a secret that is equivalent to your Master Password. However, this secret wasn't being updated when the Master Password changed. So when you changed your Master Password in the past, the encrypted secret was still based off of the old Master Password. Then when you converted your vault, that encrypted key still matched the old Master Password, causing that Master Password to be required for the new OPVault.

To resolve the issue, there are two options. First, if you know the old Master Password, you can manually change it in the new OPVault. Otherwise, you can do just as you mentioned, @randaltw, which is to rename the 1Password.legacyagilekeychain to 1Password.agilekeychain, reinstall 1Password on Android, sync with the Agile Keychain vault, and then convert again. By reinstalling on Android and syncing with this vault, you've deleted the encrypted secret, so that the newly converted vault will use the correct Master Password.

Just to clarify, you can use whatever you like as your Master Password. This doesn't have to do with length or strength. We do not recommend using special characters outside of the US-ASCII character set in your Master Password, but characters like /?()*&^ are fine. Feel free to go back to the Master Password you prefer to use.

Let me know if this helps! Thanks!

randaltw

Thanks for the information and explaination ;)

peri

No problem!

osarias7

@peri Thank you so much for actually looking into our issue and taking the time to try to solve it instead of assuming we had forgotten our passwords.

I do appreciate the time you put into helping us resolve our issue. You are an asset to the 1password community!

AGAlumB

@osarias7: Again, literally no one has said that you forgot your Master Password. Let's move on. :tongue: We're in agreement about Peri though. She's great. ;)

osarias7

@brenty Its ok, I probably took things more personally because of the issue, i know you all try to help a lot of people and most of the time is really weird stuff. I'm sorry. Thank you both and really, I do love the 1password app.

AGAlumB

@osarias7: Hey, I understand completely. :) And I'm still sorry about my earlier mistake as well. Thanks for being patient, especially under less-than-ideal circumstances (understatement, by any measure). I think we all want the same thing: to be able to enjoy 1Password in peace! Here's to smooth(er) sailing. :chuffed: