IV has already been used
Checks
- [x] I have read the Wiki, searched the open issues, and still think this is a new bug.
Explain the problem clearly and succinctly:
When entering an incorrect password to unlock a database and then trying again with the corrected password, the following message appears:
IV has already been used. Reusing IV in encryption mode violates security best practices.
A workaround is to toggle the hardware key option. After that unlocking works again.
Describe what you expected to happen:
The app should probably create a new IV when editing the password after a failed attempt.
KeePassDX version:
4.2.4
Build:
Free
Database version:
No response
File provider (content:// URI):
No response
Android version:
16
Android device:
No response
Additional context:
No response
Actually, I don't know why this message appears because the IVs are recreated with each generation. I've checked several times, maybe I made a mistake, but I have the impression that the UI reloading simply causes certain biometric APIs to crash. Can you tell me the model of device you are using?
Some additional info: This doesn't just affect the latest version of KeePassDX. It started a few months ago but I don't mistype my password frequently and assumed the next update would fix this anyway.
My smartphone is a Redmi Note 10 Pro but it has not seen an official ROM for years because Xiaomi abandoned it in 2023 and I never liked MIUI in the first place. The current ROM is crDroid 12.3. My SO has the same device using another older ROM (A15) and also a tablet. I will try to reproduce it on those devices.
I can reproduce this on a Lenovo tablet with its original Android every time. There is one condition I didn't realize before: The setting "Delete password" has to be disabled. The issue occurs when you correct the password in-place.
I can't solve the problem, so I simply reset it as soon as the password field is focused.