Password is lost

ildar.mulyukov · April 10, 2017, 1:17pm

I know I’m dumb and silly.
Q: what can be done if the Password is lost?
My Kontalk starts and works fine. But I can’t export my keys.
Even generating the new key pair doesn’t help: it’s still protected with the Password.

daniele_athome · April 10, 2017, 3:47pm

There is nothing you can do at the moment sorry. For security reasons you can’t export your key if you don’t know the password you’ve set.
A good move would probably be to allow to set a new password when generating a new key (issue just opened).
Your only workaround is to delete your account and register from scratch (you’ll lose all messages though).

Fohroer · April 14, 2017, 8:34am

Do you have root on your device?

ildar.mulyukov · April 14, 2017, 8:52am

Do you have root on your device?

me? yes.

Fohroer · April 14, 2017, 9:59am

Happy you.
Take Root Explorer or ES file manager with root and go to /data/system/users/0/accounts.db open this database with SQ lite ediotr and there you’ll find MD5 hash of your Kontalk password. If you can’t open it — copy it somewhere and open copy of it. You’ll find line you need in accounts. Name will be your phone, type will be org.kontalk.account, password will be hash you need.
Then copy and decrypt, you can do it with https://hashkiller.co.uk/md5-decrypter.aspx
Then delete or wipe copy of your database file. Your next chance can be unhappy and no luck will follow you, so always have somewhere just a sheet of paper with your passwords. If you are scared to store it in plain text you can encrypt it with one of algorithms that army men use.

@daniele_athome go fix it, MD5 is weak, replase it with SHA1 salt because even SHA1 is weak nowadays (for example apt-get shows a reminder about weakness of SHA1).

ildar.mulyukov · April 14, 2017, 10:58am

@Buranek , right.
Your message reminded of how it happened.
I wanted to take out the key to get Kontalk on a new ROM. And when I exported the key it asked me of the password. I didn’t put much attention to it and didn’t put it into my password keep because I was sure it is the password to encrypt the exported key, not the account!
This must be fixed somehow. Do you agree, @daniele_athome ?

Fohroer · April 14, 2017, 1:12pm

To bring Kontalk to new ROM or another device you need 4 things:

Copy of /data/data/org.kontalk you really need messages and contact list, nothing more
Kontalk folders from /sdcard /sdcard/Pictures and /sdcard/Music
/data/system/users/0/accounts.db
Exported keys. And also you need to know your password.

Restoring in hard process, I need to recall that I remember, so I can post instruction.

daniele_athome · April 14, 2017, 4:55pm

Thanks @Buranek, I didn’t go through the “hard way” process since it is as you say very complicated

If @ildar.mulyukov remembered his password, exporting the personal key and importing it again in the new ROM could have been enough to copy his account. So the only thing to copy manually is the messages.db file.

Actually we do use SHA-1, but we use it to derive a complex enough passphrase to be used for key decryption. The passphrase entered by the user is not used directly.

I’m not sure how to do it without taking out another layer of security. Suggestions are very welcome

Fohroer · April 14, 2017, 5:35pm

How about two-factor authentication and cloud-based sync? Server is cheap enough.
20796 rub per year.
CPU: 2 vCPU (4,4 HHZ)
RAM: 4 Gb
Disk: 100 GB
OS you choose.

daniele_athome · April 14, 2017, 5:42pm

What do you mean by two-factor? What would be the second factor?

Fohroer · April 14, 2017, 5:43pm

Confirmation from mobile and entering password.

daniele_athome · April 14, 2017, 5:44pm

That has a cost you know