Password not working

os:linux

#1

Using Ubuntu 16.04 have the vault backed up in dropbox.

First created my vault on 16th Jan 2018. Been unlocking and storing files in it since.

Since March this year I am getting “wrong password”.

Few things have happened, I did have the vault stored on an encrypted drive, and dropbox sent out a notice these were no longer supported, so I had to move my dropbox folder location.

I have checked and the file has not changed in dropbox since it was created.

It is possible I’ve forgotten my password, but i’ve been logging in ~once/twice a month since jan 2018.

What are my options? Can i run a cracking script with a mask?


#2

I should add, i have tried changing the settings regards webdav (although this is post decryption so I guess it doesnt matter).

I’ve also tried installing the version of cryptomator that would have been available jan 2018 still no luck


#3

If the password doesn’t work, there are theoretically three options:

  1. You typed in the wrong password,
  2. the masterkey.cryptomator was damaged
  3. or the software changed the way it checks your password.

option three

Indeed we change the implementation of the password field a while ago, which caused problems with non-printable characters. There have been a handful of users using such non-printable characters in their password. But since you also tried the “old” version, we can rule out this option.

option two

On any successful login (and only then!) the masterkey file is backed up to masterkey.cryptomator.bkup. The last modification date of this file should therefore reflect the date of your last successful login. You can try to restore this version (simply be duplicating it and renaming the duplicate back to masterkey.cryptomator).

Since you’re syncing your vault to Dropbox, you can also take a look at the file version history. Any suspicious modifications? Then restore an older version of this file.

Otherwise this only leaves us with:

option one

If you forgot your password, there is nothing we can do about it.

You have in fact as many attempts to type in your password, as you like. Cryptomator does not limit this other than applying a hard-to-compute password derivation function. This means bruteforcing will take a lot of time. But if you know the general structure of the password and are just unsure about a few characters, thus limiting the possibilities to a few millions, this can indeed work.