release-2022-12-01-10.14/+0100

@klues released this 01 Dec 09:16
· 3187 commits to master since this release

Stability improvement

In some scenarios, online accounts could become unusable because of decryption issues. This release adds some improvements to avoid blocking online accounts.

Technical background

All data of online users is encrypted using a hash of the user's password as the encryption key. For additional security, a salted hash is used. The salt is the unique ID of the user's metadata object (which stores the user's settings). This object should be unique, but in some cases (for unknown reasons) it is created a second time in the database. This can then cause decryption issues, because some objects are encrypted with the ID of the first metadata object as salt and others with the ID of the second.
Instead of simply failing to decrypt, the IDs of all existing metadata objects are now tried as the salt. If decryption still fails (for unknown reasons), that one object (e.g. a grid) is discarded, but the account should still work.
A better solution would be to use a different salt (e.g. the ID of the object to decrypt), but since thousands of users already exist with this encryption strategy, we won't change it.
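
The fallback described above, sketched as an added example (not the project's own code): every existing metadata ID is tried as the salt, and an object that no salt decrypts is discarded instead of failing the whole account. The scrypt key derivation, the AES-256-GCM cipher, and the names `decryptAll`, `tryDecrypt`, `META_IDS` and `STORED` are assumptions; the authenticated cipher is what makes a wrong salt detectable.

```javascript
const crypto = require('node:crypto');

// Assumption: scrypt and AES-256-GCM stand in for the KDF and cipher, which the page does not name.
function deriveKey(passwordHash, salt) {
  return crypto.scryptSync(passwordHash, salt, 32);
}

function encryptObject(obj, passwordHash, salt) {
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', deriveKey(passwordHash, salt), iv);
  const ct = Buffer.concat([cipher.update(JSON.stringify(obj), 'utf8'), cipher.final()]);
  return Buffer.concat([iv, cipher.getAuthTag(), ct]).toString('base64');
}

// Returns the decrypted object, or null if this salt is wrong or the blob is damaged.
function tryDecrypt(blob, passwordHash, salt) {
  try {
    const raw = Buffer.from(blob, 'base64');
    const key = deriveKey(passwordHash, salt);
    const decipher = crypto.createDecipheriv('aes-256-gcm', key, raw.subarray(0, 12));
    decipher.setAuthTag(raw.subarray(12, 28));
    const pt = Buffer.concat([decipher.update(raw.subarray(28)), decipher.final()]);
    return JSON.parse(pt.toString('utf8'));
  } catch (e) {
    return null; // final() throws when the authentication tag does not verify
  }
}

// Try every existing metadata ID as salt; discard only the objects no salt can decrypt.
function decryptAll(encryptedObjects, passwordHash, metadataIds) {
  const result = { decrypted: [], discarded: [] };
  for (const { id, blob } of encryptedObjects) {
    let plain = null;
    for (const salt of metadataIds) {
      plain = tryDecrypt(blob, passwordHash, salt);
      if (plain !== null) break;
    }
    if (plain !== null) result.decrypted.push(plain);
    else result.discarded.push(id);
  }
  return result;
}

// Constructed sample: two duplicate metadata IDs, plus one object whose salt no longer exists.
const PW_HASH = 'constructed-password-hash';
const META_IDS = ['meta-1111', 'meta-2222'];
const STORED = [
  { id: 'grid-a', blob: encryptObject({ label: 'Grid A' }, PW_HASH, 'meta-1111') },
  { id: 'grid-b', blob: encryptObject({ label: 'Grid B' }, PW_HASH, 'meta-2222') },
  { id: 'grid-c', blob: encryptObject({ label: 'Grid C' }, PW_HASH, 'meta-lost') },
];
```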