Jump to content
  • 1
Aisling Jameson

We are unable to decode the file storing your credentials. Need help?!

Question

  • 0

Here's the detailed instructions of how to do a clean reinstall... link.  Follow them and you should be alright.  Remember to set your hidden folders to show or you'll never be able to find the ones you're looking for.

...Dres

  • Like 1

Share this post


Link to post
Share on other sites

Recommended Posts

  • 0
On 4/14/2017 at 3:02 AM, angelpatty said:

My advice?  Strongly consider any other choice of an OS.

Well I have upgraded my system on MAC, same glitch, and with the last firestorm viewer :)

Share this post


Link to post
Share on other sites
  • 0

Although this is a post from six years ago, it's still a fairly common occurrence.  This is not the fault of the viewer, but the operating system, and can occur after an OS upgrade (on both Macs and Windows; not sure about Unix systems.)

It's generally a fairly simple matter to just manually re-enter your user name and password.  UNLESS you relied on that "remember my password" check box on the log-in screen and have forgotten your password.

Don't do that.

But, if you did, your web browser might remember your password in its stored data.  Or if that doesn't help, you can request LL's help in setting a new password.

  • Like 1

Share this post


Link to post
Share on other sites
  • 0
Posted (edited)
23 hours ago, Lindal Kidd said:

This is not the fault of the viewer

Sorry Lindal, it *is* the fault of the viewer. The viewer is written to encrypt the credentials with a transient configuration.

People being people, the viewer really should store all it's credentials locked away under a master password. If the transient-keyed decryption fails, rather then saying "well dayum, you're SOL" ask what the master password is, and unlock all avatars and alts again.

While this transient credentials thing might have been ok back in the days of Windows XP, it's really showing up it's limitations with later operating systems, like Windows 10 - which now goes through a regular 6-12 month major update cycle.

This problem won't go away, the key chosen to encrypt the credentials is no longer stable.

Sure, it's not an issue to people with one avatar, they can shrug, retype their password and be on their way - this isn't the case for everyone.

Edited by Shudo

Share this post


Link to post
Share on other sites
  • 0

You may be right; I don't know enough about the viewer to argue the point!

I'm not sure why the problem is worse for people with multiple avatars, though.  Don't you write down ALL your alts's passwords?

Share this post


Link to post
Share on other sites
  • 0
Posted (edited)
9 hours ago, Shudo said:

Sorry Lindal, it *is* the fault of the viewer. The viewer is written to encrypt the credentials with a transient configuration.

People being people, the viewer really should store all it's credentials locked away under a master password. If the transient-keyed decryption fails, rather then saying "well dayum, you're SOL" ask what the master password is, and unlock all avatars and alts again.

While this transient credentials thing might have been ok back in the days of Windows XP, it's really showing up it's limitations with later operating systems, like Windows 10 - which now goes through a regular 6-12 month major update cycle.

This problem won't go away, the key chosen to encrypt the credentials is no longer stable.

Sure, it's not an issue to people with one avatar, they can shrug, retype their password and be on their way - this isn't the case for everyone.

This isn't really how encryption works. You can't have two "keys" that are both able to decode the same file, this would make the form of encryption inherently much less secure overall.

While you can have a "master password," this would be used for the actual key used to decrypt the files. It's a second level of encryption, or a second password for your password. You might think that the viewer can just "automatically give the master password then," but that doesn't prevent the issue mentioned in this thread because it's the last encryption that fails.

That said, this could be caused by either:

  • File permission error
  • or corrupted file

For the former, the error is caused because the viewer is not allowed by the OS to open the file. There are some utilities for "taking ownership of a file" on your OS of choice. (You'll have to google that yourself because it depends on your OS.) For the latter there's no salvaging it. Even a slight change in the file will cause it to not return any valid decrypted data, causing this error.

However, since the encryption method (as far as I've seen) seems to be based on the network ID of the computer, like the error says, a router swap, new connection, etc. is eventually going to change your locally designated decryption key. Also like the error says, your only hope is to change everything back the way it was. Otherwise you'll just have to start over with the logins.

P.S. OS updates do not change regular files or how they are encrypted, this would be incredibly harmful to all users and businesses.

Edit: Found this - https://jira.secondlife.com/browse/BUG-139291

Edited by Wulfie Reanimator

Share this post


Link to post
Share on other sites
  • 0
Posted (edited)
5 hours ago, Wulfie Reanimator said:

That said, this could be caused by either:

  • File permission error
  • or corrupted file

It's caused as the password store is using a volatile key based on details of the network adapter to encrypt it. Every single time that the a major windows 10 upgrade is done, the key chosen by the Lab back in the old XP days is likely to change and the record of all avatars/alts is wiped clean. Most people with only one avatar likely don't remember it each windows upgrade, they just re-enter and keep going.

It's annoying, and over the last few years I have forgotten the names of a few very rarely used avatars from this.

That key is no longer appropriate to use. It's an ancient viewer architecture choice that really needs to be reconsidered.

 

5 hours ago, Wulfie Reanimator said:

This isn't really how encryption works.

Seems you missed my idea, I guess I didn't explain clearly, let me try again please!

Between windows updates (For 6 months of the year) things work just as now. But you also have one secondary master store that is kept secured by a master hand typed password. If the Windows update kills the standard store, that master store can be decrypted and loads into the old style store as we know it now.

So, when MS update Windows each 6 months and the hardware key is lost like it is now, instead of the "lost credential" message you are asked for a master password, that second store is decoded and populates the hardware store as it is now with all lost avatars and passwords.

As it stands now.. if that hardware key is lost (every 6 months) all your alts go missing without any backup but paper and pen.

Additional advantage: You can move the master store to a new PC, type in the password and all your alts and passwords are loaded.

Edited by Shudo
  • Thanks 2

Share this post


Link to post
Share on other sites
  • 0

I do let the viewer remember my password - and the passwords of my various alts.  I've also gone through multiple Windows updates - you pretty much can't avoid them these days.  Yet I've never experienced a problem with my login credentials.

Just saying...........

  • Like 1

Share this post


Link to post
Share on other sites
  • 0

Hey, I use Linux Mint, and I get that message occasionally. So it's not a Windows thing, although the mentions of Windows Updates made me wonder whether it happens after I do software updates (which are optional, but I like to stay up to date).

Share this post


Link to post
Share on other sites
  • 0
Posted (edited)

It's clearly the viewer problem here, if that problem happen on windows, mac and linux, then it's clearly proved. It's sucks on all systems.

Apparently lindens still to work with old systems. 

And even if you do a clean install with all files removed, the problem come back all the times. 

Edited by Kianta Silverfall

Share this post


Link to post
Share on other sites
  • 0

I still say you should think of it as a feature, not a bug.  Keeps you from getting lazy and trusting the log in page to remember your security info...which is poor practice in any case.

Share this post


Link to post
Share on other sites
  • 0
Posted (edited)
On 3/3/2019 at 6:26 PM, Shudo said:

Sorry Lindal, it *is* the fault of the viewer. The viewer is written to encrypt the credentials with a transient configuration.

You have misunderstood the idea of security that Firestorm is using. The transient part is not Firestorm, it is Windows and Mac. The OS are designed to protect data and block some uncommon attack paths. One of those being people changing the OS to get a new password in. The encryption on Windows is tightly tied to the user and Windows and affects what FS does.

If the viewer, which is open source, were the only encryption protection and they kept all the plain text passwords in an encrypted file then it would be simple to use the code built into the viewer to crack the passwords.

So, for money-involved-password level security the responsibility for remembering passwords falls to you. 

Edited by Nalates Urriah

Share this post


Link to post
Share on other sites
  • 0
5 hours ago, Nalates Urriah said:

You have misunderstood the idea of security that Firestorm is using. The transient part is not Firestorm, it is Windows and Mac. The OS are designed to protect data and block some uncommon attack paths. One of those being people changing the OS to get a new password in. The encryption on Windows is tightly tied to the user and Windows and affects what FS does.

If the viewer, which is open source, were the only encryption protection and they kept all the plain text passwords in an encrypted file then it would be simple to use the code built into the viewer to crack the passwords.

So, for money-involved-password level security the responsibility for remembering passwords falls to you. 

Would you trust your front door key to a lump of putty?

The fault is the viewers for chosing a poor encryption key to store the list of account names.

  • Haha 2

Share this post


Link to post
Share on other sites
  • 0
9 hours ago, Shudo said:

Would you trust your front door key to a lump of putty?

The fault is the viewers for chosing a poor encryption key to store the list of account names.

I think you missed Nalates' point.  As I understand it, the "lost password" phenomenon is a direct result of using a MORE secure way to store your credentials.  I'd rather have to re-enter a password than find some hacker has cocked up my OS and substituted his own passwords for mine.

  • Like 1
  • Thanks 1

Share this post


Link to post
Share on other sites
  • 0
On 3/13/2019 at 3:52 PM, Lindal Kidd said:

I think you missed Nalates' point.  As I understand it, the "lost password" phenomenon is a direct result of using a MORE secure way to store your credentials.  I'd rather have to re-enter a password than find some hacker has cocked up my OS and substituted his own passwords for mine.

Never I got those problem in Mac OS Mavericks, now I have that on Mac OS Sierra, conclusion, the viewers are really outdated. Mavericks was made 5 years ago.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Answer this question...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


×
×
  • Create New...