Passpack Blog » Passpack keeps your logins safe, organized and available 24/7. You can share passwords with your team in 100% privacy.

Solved an issue with corrupted exchange keys

Jan. 18, 2012

From time to time, we receive a ticket from a user who is unable to invite another user, because the recipient can not see or accept the invitation. I have tried to replicate this issue without success, so my workaround has been to manually delete the invitation from the database so that the two users can restart the process. Generally this worked.

The strange thing was that the problem was repeating always within the same teams. As you know, Passpack has been built to be personal and private. So the best practice, in any case, is that one user access one account. If more than one user accesses the same account, this can create unpredictable problems.

A pratical example

We have three users: Bob, Alice and John.

Bob accesses his personal account (good!). Instead Alice and John access the same company’s account (bad!).
Alice invites Bob.
Before Bob has a chance to see the invitation, John checks for updates. The system finds a request for exchanging keys that is related with his current account (that Alice is also accessing, remember), elaborates the keys and delete the original RSA-encrypted keys for security purposes.
When Bob checks for updates he finds the invite, but the system is not able to generate its own keys because the original keys have since been removed.
The result is that Alice has invited Bob, but Bob can not see or accept the invitation because the exchange keys are bad.

How to fix the issue

When I discovered this practice I finally understood what was causing the key corruption. So I’ve added a more sofisticated control to avoid the problem. But, since it is impossible to propagate a change to previous versions, it was necessary that all the involved users reload their Passpack page to have the latest version of the application. If not, the invitations may seem correct but the user will not be able to see any shared entries because his keys are not compatible with the current keys of the sharer.

If you are experiencing a problem with invitations or with users that can not see any shared entry you should follow these steps:

Be sure that you have the latest Passpack version (logout and reload to be sure)
If you have tried to exchange secure messages with the user, delete all those messages and ask the other user to do the same
From the People tab delete the invited user
Ask the other user to press their check for update button to verify that there aren’t any invitations from you
Invite him again

If you have any issues please open a support ticket.

We are going to change the feedback forum

Oct. 24, 2011

We’ve been using UserVoice for a while to manage user feedback. UserVoice is a great service to collect suggestions and ideas. It worked very well and now we know what is important for our users. But there are a lot of minor suggestions that are also important which remain without an answer. And, in many cases, people Continue reading →

Our provider has been hacked, but Passpack is safe. Zero data compromised.

Oct. 6, 2011

First things first: your data is safe. Passpack runs on dedicated servers at a provider in Germany. Yesterday, that hosting provider was likely hacked into. Due to our application architecture, and the fact that we’ve completely isolated the servers from any access by the provider, Passpack has not been compromised. All user data is secure. Continue reading →

Planned Maintenance Next Saturday, Sept. 24

Sep. 21, 2011

We will be performing a server maintenance next Saturday, September 24, from 8-9am GMT+1 (it was initially planned for 5-6pm PST). During that period, we will put the database in read-only mode. So, if you change something and you need to save it, you have to wait. When the operations will be completed you will Continue reading →

Fixed a Bug in the Billing System

Aug. 24, 2011

When we first introduced the premium plans, we built a system that (surprisingly) wasn’t supposed to manage plan upgrades before the expiring date. So if you upgraded from a Pro to a Team after two months, you needed to contact us to get pro-rated manually. On the other hand, there was a bug that applied Continue reading →

Shared Tags Are On, Also in Bulk Edit Mode

Jul. 27, 2011

Today we’ve released two long awaited features: the ability to include tags along with the entry sharing and the ability to apply tags in bulk edit mode. As a background: when we first introduced tags, we had considered them as a personal way to organize your data. Technically the Tags data was encrypted separately from Continue reading →

New Passpack Desktop Minor Version 2.2.2

Jul. 8, 2011

Today we released a new minor version of Passpack Desktop that fixes a bug during synchronization with your online account. The new version also adds a post-sync alert about any entries deleted during the sync and allows you to recover them so that they can be resynchronized with your online version.

Added the support for a second Yubikey

Jun. 1, 2011

Today I discovered that in the Knowledge Base we suggest to have two Yubikeys so that if you loose one of them, you can continue to use the other. But Passpack didn’t support more than one Yubikey. Oops… So, today, I decided to fix the issue adding the support for a second Yubikey. I also Continue reading →

Passpack is not LastPass. We Have a Big Friend

May. 24, 2011

A few weeks ago LastPass had a serious breach of data. I don’t like to talk about the competitors, but this unlucky event generated a lot of articles, concern and fear. It also caused an increase in emails from Passpack users who are seriously concerned about their security and want to understand if what has happened to Continue reading →