Wrong passwords when name contains non-ascii characters

Question

Wrong passwords when name contains non-ascii characters

jeffrson opened this issue 10 years ago · 6 comments

When the user name contains umlauts (for example) the generated password is apparently wrong.

Example:
Full name: Jens Weißmüller
Master Password: 123
Site: eBay
Counter: 1
Template: Medium

Generated: Yar8/Fos
Correct: JidHeh8_

Answer 1 · 2014-11-26T07:50:26.000Z

I believe I have isolated the bug. I believe it is occuring at mpw.js#L50 where the length of the binary string is added and not the number of characters in the string which appears to be inconsistent with MasterKey.java. I'll work on fixing this later.

Can @lhunath confirm that this is the intended case?

Answer 2 · 2014-11-26T15:31:51.000Z

What you want is to use the length in bytes, not the number of "characters". It looks like MasterKey is broken, too.

Answer 3 · 2014-11-26T15:34:34.000Z

https://project.lyndir.com/youtrack/issue/MP-38

Answer 4 · 2014-11-26T15:55:58.000Z

The behaviour of mpw-js is consistent with what @lhunath has said so I'm marking this as wontfix. I will leave it open though until a fix reaches the official app. Until that point it's still an inconsistency.

Answer 5 · 2014-11-28T17:57:38.000Z

note: unless we can figure out how to compile scrypt-asm ourselves reliably, https://js.masterpasswordapp.com will likely move to cuardin's implementation.

See: https://project.lyndir.com/youtrack/issue/MP-14

Answer 6 · 2015-01-17T10:57:50.000Z

I've closed this issue as 'Desktop (Java)' now also reflects the correct behaviour.