Client regularly forgets the password (mnemonic) and must be re-synchronized after re-entering the password

🍱 Features & apps end-to-end-encryption
1

Nextcloud Hub version: 27.1.3
Operating system and version: Strato Webspace

Nextcloud Client: 3.10.1 (macOS Sonoma 14.1.1)

The issue you are facing:
I have two clients:
Client 1: MacMini Client: 3.10.1 (macOS Sonoma 14.1.1)
works perfectly. End-To-End encryption runs without any problem.

Client 2: MacBook Pro same Nextcloud client Client: 3.10.1 (macOS Sonoma 14.1.1) regularly forgets the password (mnemonic) and must be re-synchronized after re-entering the password.

Whenever Client looses the Password i get the following message:
[engl translation ]End-to-end encryption has been activated on this account with another device.
It can be activated on this device by entering your mnemonic.
This activates the synchronization of existing encrypted folders.

[Original Text] Die Ende-zu-Ende-Verschlüsselung wurde auf diesem Konto mit einem anderen Gerät aktiviert.
Sie kann auf diesem Gerät durch Eingabe Ihrer Mnemonik aktiviert werden.
Dadurch wird die Synchronisierung vorhandener verschlĂĽsselter Ordner aktiviert.

I do have no idea whether this behavior relates to this warning in my logging:

[core] Warnung: OC\Authentication\Exceptions\InvalidTokenException: Token is too short for a generated token, should be the password during basic auth at <<closure>>

 0. /mnt/web117/e2/04/5695504/htdocs/pathlessland/nextcloud/lib/private/Authentication/Token/Manager.php line 133
    OC\Authentication\Token\PublicKeyTokenProvider->getToken("*** sensitive parameters replaced ***")
 1. /mnt/web117/e2/04/5695504/htdocs/pathlessland/nextcloud/lib/private/User/Session.php line 782
    OC\Authentication\Token\Manager->getToken("*** sensitive parameters replaced ***")
 2. /mnt/web117/e2/04/5695504/htdocs/pathlessland/nextcloud/lib/private/User/Session.php line 352
    OC\User\Session->validateToken("*** sensitive parameters replaced ***")
 3. /mnt/web117/e2/04/5695504/htdocs/pathlessland/nextcloud/lib/private/User/Session.php line 452
    OC\User\Session->login("*** sensitive parameters replaced ***")
 4. /mnt/web117/e2/04/5695504/htdocs/pathlessland/nextcloud/lib/private/AppFramework/Middleware/Security/CORSMiddleware.php line 107
    OC\User\Session->logClientIn("*** sensitive parameters replaced ***")
 5. /mnt/web117/e2/04/5695504/htdocs/pathlessland/nextcloud/lib/private/AppFramework/Middleware/MiddlewareDispatcher.php line 96
    OC\AppFramework\Middleware\Security\CORSMiddleware->beforeController()
 6. /mnt/web117/e2/04/5695504/htdocs/pathlessland/nextcloud/lib/private/AppFramework/Http/Dispatcher.php line 129
    OC\AppFramework\Middleware\MiddlewareDispatcher->beforeController()
 7. /mnt/web117/e2/04/5695504/htdocs/pathlessland/nextcloud/lib/private/AppFramework/App.php line 183
    OC\AppFramework\Http\Dispatcher->dispatch()
 8. /mnt/web117/e2/04/5695504/htdocs/pathlessland/nextcloud/lib/private/Route/Router.php line 315
    OC\AppFramework\App::main()
 9. /mnt/web117/e2/04/5695504/htdocs/pathlessland/nextcloud/lib/base.php line 1068
    OC\Route\Router->match()
10. /mnt/web117/e2/04/5695504/htdocs/pathlessland/nextcloud/index.php line 36
    OC::handleRequest()

GET /nextcloud/index.php/apps/notes/api/v0.2/notes?exclude=content
from 5.180.61.40 at 2023-11-09T10:50:10+00:00
1 Like
2

If you turn on client debug logging you should be able to get an indication of what’s going on (hopefully) since there is logging for most of the major keychain/etc events.

  • How frequently does it seem to forget the mnemonic? Any pattern or trigger that you can discern?
  • Are encrypted files accessible from both clients without difficulty in between these events?
  • Do you have a third client (or even a mobile client) to test whether it has similar behavior?
1 Like
3

Dear jtr,
How frequently? - I have not yet seen a pattern. It is too often
Are files accessible? - From the MacMini there is no problem. I have also the Android Client, there is no problem, only the MacBook version “forgets” the password and needs re-syncing
I did click on “Debug-Archiv erstellen” and got an archive with a lot of gzip’ed logs. Where shall i need to look into? I will do this “Debug-Archiv erstellen” when it has lost the password next time.
Thank you very much for looking into this

1 Like