After upgrade to v5.1.1851.0 on Windows 10, master password is no longer accepted

TheoGray Posts: 17 Explorer
edited February 8 in F-Secure KEY

KEY is used across various devices including some Windows ones. This evening two of the Windows 10 (20H2 build 19042.746) devices have been updated to the latest version of KEY and now neither accepts the master password. The master password has been double-checked on one of the mobile devices so is definitely correct.

On one of the Windows 10 devices KEY has subsequently been uninstalled and then reinstalled using the latest version download from the KEY website, but this has made no difference.

KeyLib.log file adds these two entries after every attempt to login:

  • I: Binary version: 5.1.24.0, compilation time: Jan 22 2021 13:56:24
  • *E: KeyCrypto::SetLastError: Crypto: Record is too long

Presumably this is a bug in v5.1.1851, or does something else need to be done?

If this is a bug, how do I rollback to the previous version of KEY?


Accepted Answer

  • Cale Posts: 113 F-Secure Product Manager

    Hi,

    The fix started to roll out a couple of hours ago and we have received first report that it fixed the issue.

    With the new client, the upgrades happen silently, so to verify you are running the latest version, you can check the version number from the About, which should say '5.1.1852.0' at the bottom right corner.

    -Cale


Answers

  • Lucaseuropa Posts: 254 Moderator

    Hello @TheoGray,


    I can assure you that I will be checking that with my colleagues.

    You can expect to hear from us soon.


    Thank you for your patience.

    Cheers,

    Lucas

  • wbeckerde Posts: 3 Observer

    Same effect here on Windows 10 Home (20H2 build 19042.804). After update of KEY to the latest version the master password is no longer accepted. Double checked with two mobile devices (Apple) and also tried to import the recovery code. Error: "The password is not your current master password".

    KeyLib.log:

    2021-02-10 09:12:22.122 [34a0.09bc] I: *** LOGGING STARTED *** (UTC+1:00, session: 0x1)

    2021-02-10 09:12:22.122 [34a0.09bc] I: Binary version: 5.1.24.0, compilation time: Jan 22 2021 13:56:24

    2021-02-10 09:12:22.162 [34a0.09bc] *E: KeyCrypto::SetLastError: Crypto: Record is too long

    2021-02-10 09:12:50.671 [34a0.09bc] I: Binary version: 5.1.24.0, compilation time: Jan 22 2021 13:56:24

    2021-02-10 09:12:50.718 [34a0.09bc] *E: KeyCrypto::SetLastError: Crypto: Record is too long

    2021-02-10 09:13:30.124 [34a0.09bc] I: Binary version: 5.1.24.0, compilation time: Jan 22 2021 13:56:24

    2021-02-10 09:13:30.171 [34a0.09bc] *E: KeyCrypto::SetLastError: Crypto: Record is too long

    2021-02-10 09:14:02.597 [34a0.09bc] I: Binary version: 5.1.24.0, compilation time: Jan 22 2021 13:56:24

    2021-02-10 09:14:02.627 [34a0.09bc] *E: KeyCrypto::SetLastError: Crypto: Record is too long

    Please help!

    Winfried

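The log signature reported in the posts above can be triaged mechanically. The following is an added example, not part of the thread and not F-Secure code. It assumes the bracketed field is a process.thread id and, following the original post, that each "Binary version" line marks one unlock attempt; the function and field names are illustrative.

```python
import re
from datetime import datetime, timedelta

# Line shape as quoted in the thread:
#   2021-02-10 09:12:22.162 [34a0.09bc] *E: KeyCrypto::SetLastError: ...
# Assumption: the bracketed field is <process id>.<thread id> in hex.
LINE_RE = re.compile(
    r"^\s*(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d{3}) "
    r"\[(?P<ctx>[0-9a-f]+\.[0-9a-f]+)\] "
    r"(?P<level>\*?[A-Z]): (?P<msg>.*?)\s*$"
)
VERSION_RE = re.compile(r"Binary version: (?P<ver>[0-9.]+),")
ERROR_MSG = "KeyCrypto::SetLastError: Crypto: Record is too long"

# Sample lines copied from the KeyLib.log excerpt posted above.
SAMPLE_LOG = """\
2021-02-10 09:12:22.122 [34a0.09bc] I: *** LOGGING STARTED *** (UTC+1:00, session: 0x1)
2021-02-10 09:12:22.122 [34a0.09bc] I: Binary version: 5.1.24.0, compilation time: Jan 22 2021 13:56:24
2021-02-10 09:12:22.162 [34a0.09bc] *E: KeyCrypto::SetLastError: Crypto: Record is too long
2021-02-10 09:12:50.671 [34a0.09bc] I: Binary version: 5.1.24.0, compilation time: Jan 22 2021 13:56:24
2021-02-10 09:12:50.718 [34a0.09bc] *E: KeyCrypto::SetLastError: Crypto: Record is too long
"""


def failed_unlock_attempts(log_text):
    """Return one dict per attempt that hit 'Record is too long'.

    Errors are attached to the most recent 'Binary version' line written
    by the same process.thread, so several errors from a single password
    entry are counted as one attempt.
    """
    attempts = []
    current = {}  # ctx -> attempt opened by the latest "Binary version" line
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m is None:
            continue  # blank lines or lines without the timestamp prefix
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S.%f")
        ver = VERSION_RE.match(m["msg"])
        if m["level"] == "I" and ver:
            current[m["ctx"]] = {
                "started": ts,
                "binary_version": ver["ver"],
                "errors": 0,
                "ms_to_error": None,
            }
            attempts.append(current[m["ctx"]])
        elif m["level"] == "*E" and m["msg"] == ERROR_MSG:
            attempt = current.get(m["ctx"])
            if attempt is None:
                continue  # error with no preceding version line
            if attempt["errors"] == 0:
                delta = ts - attempt["started"]
                attempt["ms_to_error"] = delta // timedelta(milliseconds=1)
            attempt["errors"] += 1
    return [a for a in attempts if a["errors"]]


if __name__ == "__main__":
    for a in failed_unlock_attempts(SAMPLE_LOG):
        print(a["started"], a["binary_version"], a["errors"], a["ms_to_error"])
```
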
  • TheoGray Posts: 17 Explorer

    Hello @Lucaseuropa

    I'd rather not go through any more days of having to bring up passwords on a mobile device to then manually type them in on Windows 10 devices.

    This now appears to be a confirmed bug with the latest release, so please could you supply a link to a previous (working) installer so that we can rollback and make KEY usable again until the bug is fixed?

  • Lucaseuropa Posts: 254 Moderator

    Dear @TheoGray ,


    This issue is being currently investigated by my colleagues from the technical department.

    Please be patient and wait for the results.

    Thank you.

    Cheers,

    Lucas

  • TheoGray Posts: 17 Explorer

    Hello @Lucaseuropa ,

    Thanks for the reply but could you provide a link to the installer for a previous build (such as 4.91.410 which I know works) so that I can rollback while you investigate please?

    Having to use a mobile device to view and then manually type in URLs, usernames and passwords 10+ times a day is getting tedious very quickly...

  • Lucaseuropa Posts: 254 Moderator
    edited February 12

    @TheoGray ,

    We do not provide customers with links to previous versions of our programs.

    Please wait patiently for the update.

    Thank you.

    Cheers,

    Lucas

  • TheoGray Posts: 17 Explorer

    Hello @lumimies@Lucaseuropa, I see you've edited your last post from "the fix will be there very very soon" to "please wait patiently" this morning. Is there any news on a timescale for when the fix will be available?

  • Jarad_C Posts: 1 New Member

    @lumimies@Lucaseuropa,

    I'd also like a timeline for a fix. F-Secure has released an update that has prompted all users to update the software, which as it turns out has a SIGNIFICANT flaw that has locked out people using Windows 10 from their password vault.

    Waiting patiently is frankly NOT an option.

    As a global manager of a cyber security market research practice at an international market research firm, I have to say that I'm deeply disappointed with the response and I'll be reaching out to F-Secure analyst relations today to express my displeasure.

  • Ukko Posts: 3,198 Superuser

    Hello,

    Sorry for my reply. I am only an F-Secure user. I did use F-Secure KEY (at the time) only on one device (no syncing with any other). Perhaps, with such a case - inability to unlock KEY is indeed huge trouble. But since most of replies there are about "mobile devices" (where all is fine still) - maybe there is a kind of workaround.

    It may not be entirely Windows related or with specific case for upgrade flow only, or certain length/view of master password (however, it should be known for KEY team that trying to fix it probably). But I mean, what about own steps to temporary work around it. Does reinstalling the Windows client help?

    What I tried:

    • I installed F-Secure KEY on Windows 10 device. Set up as a fresh installation. Choose master password. Use it, log out, use it. KEY is unlocked.
    • I uninstall F-Secure KEY : User Data (if it is not visible under installed applications; then by using F-Secure Uninstallation Tool: Support tools | F-Secure (f-secure.com) - where to click "Choose what to delete" - "KEY User Data" if found).
    • Launch F-Secure KEY and set up as "sync with another device". I generated code on Android 9 device, and put it with Windows client. Type master password from mobile device, passwords - synced; Lock/quit F-Secure KEY and try to open it again. Type master password and it was possible to unlock.

    So, at least, with this flow - KEY is functioning with latest version 5.1.1851 and Windows 10.

    Thus, maybe if user with mobile devices where all is fine (and it means Premium subscription, sync functionality) - then just try to uninstall F-Secure KEY from trouble Windows device (or just by removing User Data) and sync it back from mobile by connecting fresh installation to Android/iOS device. Will it be possible to use Windows client with chosen password then?

    Thanks!

  • TheoGray Posts: 17 Explorer

    Hello @Ukko ,

    Thanks for the idea. I have just tried that as requested - uninstalled just User Data with the Uninstallation Tool and then reconnected - but no joy. As soon as the master password is required then the same problem occurs (the error appears three times in the log from the single entry of the master password after sync is setup):

    I: Binary version: 5.1.24.0, compilation time: Jan 22 2021 13:56:24

    I: KeyManager::InitializeUserData: Initial upload successful, revision: 1

    *E: KeyCrypto::SetLastError: Crypto: Record is too long

  • Ukko Posts: 3,198 Superuser
    edited February 12

    Hello,

    Thanks for your response! So, it is strange then. At least, I double check again (now, I tried to sync from first) and again all was fine.

    But some more thoughts:

    • I tried with 20 characters master passwords (num/letters and one "."). Is your master password much longer?
    • Maybe it was not enough with your situation to uninstall User Data only. But something else can be a reason for stuck (however, I am not sure of that).
    • Maybe system/something else settings about network connection. I mean, for example SSL/TLS or so.

    With my log, after I: KeyManager::InitializeUserData: Initial upload successful, revision: 1

    There are connections (calls?) to https://avain.f-secure.com

    Since HTTPS, maybe if system did not use 'compatible' options - it may be rejected. Or somewhat "incompatible".

    I just not sure what means "Record is too long" with connection to "Crypto".

    Also, my User Data are not huge with this try (only 14 entries).

    In addition, I could suggest to try - uninstall User Data on Windows. And set up it as a fresh. just fresh. I mean, to create master password (not sync) - will it accept your master password?

    Thanks!

    // if your "KeyCrypto::SetLastError:" is not really right after first line - then I also with one, but another look (and it was always there when I look at): *E: KeyCrypto::SetLastError: Crypto: Decrypt CCM failed

  • TheoGray Posts: 17 Explorer

    Thanks @Ukko ,

    I believe the issue may be down to the number of passwords (currently I have >350) rather than the master password.

    Other user profiles on a shared Windows 10 computer can access their own KEY successfully.

  • TheoGray Posts: 17 Explorer

    @Ukko I've tested my master password on a fresh install and that works fine, so it doesn't look like my master password is the problem.

  • Ukko Posts: 3,198 Superuser

    Hello,

    Very thanks for your replies and responses.

    The point about the number of passwords were logic and I tried to check so. However, I was unable to repeat the trouble. So, I start to think about master password again (but you wrote that it was fine with fresh installation as such). The only points on my mind are "remains" of previous installation (because I tried to check it with clean KEY installation - it was not installed before on Windows) and something about Network (Secure connection). OR the real size of User Data. I mean not only count, but maybe size, weight or content.

    I'll try to go deeper (somehow differently).

    What I tried after my previous reply. I tried to increase number of passwords on Windows device. Thus, only about 170 entries were legit. All other generated by me with bogus ways (maybe it is matter). So, I ended with 378 passwords or 396 entries.

    Then, I found that my initial tries about Android device (Android 9) were about beta F-Secure KEY. So, I decided to check it with normal F-Secure KEY on another Android device (Android 11).

    So, I sync my Windows 10 device (378/396 passwords/entries) with fresh installation on Android 11 device. Then clear up User Data on Windows 10 and sync it back. Anyhow, I still able to access with my master password any of those devices (unlock KEY).

    I also tried to create one fresh entry with Android 11, and devices synced good.

    Android with Wi-Fi (did not check with mobile data), Windows 10 with Ethernet.

    Sorry for my English. And sorry for my replies/suggestions - I just found it strange that I did not repeat trouble... but I will play now a bit more (for understanding what else could be different).

    Thanks!

  • Cale Posts: 113 F-Secure Product Manager

    Hi,

    First of all, I apologize for the trouble you have encountered. If your data is synced with Mac/Android/iOS client, can you check if any of your password's entries 'Notes' section have excess amount (hundreds of lines) of text. Clearing such and then resyncing the Windows client should help.

    -Cale

  • Ukko Posts: 3,198 Superuser

    Hi,


    First of all, I apologize for the trouble you have encountered. If your data is synced with Mac/Android/iOS client, can you check if any of your password's entries 'Notes' section have excess amount (hundreds of lines) of text. Clearing such and then resyncing the Windows client should help.


    -Cale

    Hello,

    Should this also reproduce trouble? Although this situation did not affect me. But I tried to repeat it. So far I have created 409 entries (mostly with passwords; all passwords are unique; some fields are really hugely crafted - title, url, note, password itself and other; some Credit Card entries - but just some) and I was not able to repeat trouble impact having two connected devices Android 11 / Windows 10.

    In fact, I had some pretty weighty Notes (added) too - because I took them from an old export file from F-Secure KEY. But I didn't calculate lines of them exactly. And was all fine, anyway.

    After your reply I tried to create huge fresh Note entry. I used available limits. Probably it is counted as 4096 characters (no spaces, no breaks, solid text). And synced well with both sides. But then killer entry is disappeared. Maybe when I tried to edit (extend) it under Android. I also decided to create then "two" bytes characters with its allowed limits per form on Android. And then, this entry is not synced with Windows client - but still visible on Android.  At that point - also I found that Windows client already with broken "Password Analysis", as well as export functionality. It thinks that there is no passwords at all. Export file with {"data":null}. By editing/adding anything normal on Android (with safe way) - it is still synced with Windows. But not about killer entries.

    However, I also still able to unlock KEY normally.

    maybe this is another kind of trouble (I used 'allowed' size of Note part). However your described point maybe about some previously available limits (?).

  • TheoGray Posts: 17 Explorer
    edited February 13

    Thanks for the reply @Cale

    I’ve been through every record and can’t see more than ~250 characters in any of the Notes fields.

    The only larger than normal thing I did spot was that one record has a Password field containing 65 characters.

    Apart from that nothing appears out of the ordinary.

    Update: 13-Feb (not sure where my post from this am went, but...) I have tried moving the 65-char contents of the Password field to the Notes field, then used Ukko's uninstall User Data & re-Connect but had exactly the same result as before. I don't believe any record has more than 512 characters in it and certainly nowhere near the 4K limit (that Ukko mentioned) in any one field. My KEY database started in early 2016 so has been through various versions in the past 5 years without any problem before now.

  • TheoGray Posts: 17 Explorer
    edited February 13

    This morning I've moved the 65-character Password field I'd found to Notes and then retried @Ukko's method of clearing the User Data via the uninstall tool and then reconnecting, with the same result as yesterday - Sync successful, then master password doesn't work and KeyLib.log shows:

    I: Binary version: 5.1.24.0, compilation time: Jan 22 2021 13:56:24

    I: KeyManager::InitializeUserData: Initial upload successful, revision: 1

    *E: KeyCrypto::SetLastError: Crypto: Record is too long (x3)

    There's a possibility there are (a very small number of) other longer Password fields that I didn't spot while I was scanning through yesterday evening but all of my records are well under the 4K limit that Ukko mentioned and I'd be surprised if any record is over 512 characters in total.

    I originally started using KEY in early 2016, so my data has been through various KEY versions over the past 5 years.

  • wbeckerde Posts: 3 Observer

    @Cale Today I also moved through my whole database (>180 datasets). No PW is longer than 24 characters and no notes section contains more than 400 signs (including blanks). This therefore cannot be the reason for the trouble. And, to be honest, if there really is a limit for the size of the notes section it would be good programming practice if the software catches such errors. It is not the best way to find the fault with the customer first.

    I found an installer for version 4.9.189 in the www (contaminated with adware!). After uninstalling v5.1., installing 4.9.189., and resyncing everything works fine. I cannot understand, why you don't provide us with a link to the latest stable release for downgrading? Is this your understanding of customer friendliness? So I now wait for your fix. In the meantime I carefully read a report in the actual c't magazine. They tested 25 password vaults. I am using KEY since 2014, perhaps it's time for a new start with a competitive product.

  • Ukko Posts: 3,198 Superuser
    edited February 13

    Hello,

    Since of your mention 4.9.189, I managed to find the installer for this version. I suppose that the very safe one (unless there is something too something unexpected).

    So, I installed F-Secure KEY 4.9.189 as clean installation. Added one password with "so so" data. Received upgrade prompt. Did so.

    Result is F-Secure KEY 4.91.410 installed. I did not add any fresh entries. Received upgrade prompt. Did so.

    Result is F-Secure KEY 5 installation started. I tried with Windows Defender (Microsoft Defender) enabled - so it reported about some changes with protected folders during installation. Maybe because of that - installation requested restart. I did so, after restart - installation continues. When installation completed - I launch F-Secure KEY and successfully unlock it. This is F-Secure KEY 5.1.1851.0

    Thus, I did not repeat the trouble again. But, at least, for now I have quite many ways to play with. Maybe it will be possible to reproduce the impact of the trouble.

    Sorry for my reply. Thanks!

    // I played around a little bit. Here's what I tried.

    I installed (clean installation as possible) F-Secure KEY 4.9.189 with custom path (folder). Imported all exported (and later ".fsk") files that I found in my backups. One of them was five (or a bit more) years old. However, this is only file date (actual data inside, perhaps, older). Others, more recent.

    I also imported file (crafted) from Microsoft Edge (chromium) browser. With two or three entries.

    The result was about 189 entries (mostly with passwords). Some can be "huge enough". Also, one entry was with stuck - always opened (usual for old KEY? probably).  And some entries were without title and maybe wrong format (I mean it was password but added as credit card). It is impossible then to create entry without title - so I decided to keep that.

    Upgraded to 4.91.410 (by prompt at launch). All was fine. I added manually some more entries. And (what is probably was not necessary at all) added one bogus entry with really long notes and other fields. Perhaps, I did use its available limits.

    Then upgraded to latest (5.1.1851.0). By prompt at launch. I still able to unlock KEY and generally to use it. However, I again with broken state of Password Analysis and impossible to export data - because it is "null" in result.

    Sounds, that some entries are also not there. Probably (I suppose) these ones without title - otherwise it can be on top. And maybe some others. Because, the order was "as expected" but not as before upgrade - however I did not remember what exactly was different (just general look of first some entries surely another - but logical now).

    I did not try to sync; it was not premium installation. Also I did not try any not so violent ways (at least, to drop step with adding too much huge note at second stage).

    Thanks!

  • RedJim Posts: 15 Observer

    Cross-linking to this thread after Ukko. The latest desktop version seems to have some kind of bug related to long hyperlinks/weblinks. That might correspond to the "Record is too long" message above.

  • wbeckerde Posts: 3 Observer

    Dear all,

    I again started from the scratch.


    1.) Installation of v4.9.189 from the www.

    2.) After start of v4.9.189 I did not choose to reconnect, I generated a fresh master password (KEY free)

    3.) Lock application, open new, unlock with new master password, no entry in the database

    4.) Update was offered and accepted

    5.) Automatic update to 4.91.410

    6.) Unlock with new master password, database is still empty

    7.) Update was offered and accepted

    8.) Automatic update to 5.1.1851.0

    9.) Prompt for master key, entering the fresh master key, error: not your current master password, database still empty

    but nevertheless one can find in keylog.txt:

    2021-02-15 10:02:02.816 [35cc.030c] I: Binary version: 5.1.24.0, compilation time: Jan 22 2021 13:56:24

    2021-02-15 10:02:02.847 [35cc.030c] *E: KeyCrypto::SetLastError: Crypto: Record is too long


    My conclusion: The error still occurs without any data, it has nothing to do with the content of the database.

    I also tried steps 1 - 9 with different passwords, one consisting only of plain text, one with symbols and numbers, it makes no difference.

    Since the error occurs not at every installation/user, it is maybe related to settings/specifics of the operating system?


    Regards,

    Winfried

  • Cale Posts: 113 F-Secure Product Manager

    Hi,

    It seems that this issue is concerning a few users that have been using the product for a long time. There has been a client version in the past that allowed to enter data that the latest clients don't accept. We are working on a fix and will make a maintenance release as soon as we have verified that the fix will work in all situations.

    @TheoGray & @wbeckerde, if you want to help testing the fix, please check your community inbox.

    @wbeckerde, when your product was upgraded for the first time, a backup copy of your data was created. When you think you are doing a clean install and upgrade to the new version, it finds the backup data and thus you run into the same issue again.

    -Cale

  • TheoGray Posts: 17 Explorer
    edited February 15

    Thanks @Cale, I've tested and fed back to the Inbox message.

  • weekendgeek Posts: 1 New Member

    This is absolutely unacceptable. Full Stop.

    I ran in to this bug today, the 15th, after being prompted to install the new Windows desktop version.

    How can you possibly still prompt people to upgrade with a program breaking bug?

    A user even asked for a previous version download to restore service and get back to working with the application they paid for - you declined. What in the actual F?

    I've been subscribing since the beginning of Key - no more. Subscription cancelled.

  • TeePaja Posts: 2 New Member

    This is absolutely unacceptable. Full Stop.


    Also I run into same topic yesterday after the prompt to update on Windows.

    How can you possibly still prompt people to upgrade with a program breaking bug?

    @Cale Can I get mentioned test fix or how long do I need to wait to get this sorted out? Really frustrating.


    Regards,

    Teemu

  • Cale Posts: 113 F-Secure Product Manager

    Hi,

    We fully understand your frustration and we are really sorry that this has happened to you. We are currently validating a fix and aim to release it with expedited schedule already on Thursday. In case you are in an urgent need for a solution, please contact our support and you will receive instructions how to workaround the problem.

    -Cale
