Very strange error in OS X logs

binaryeric

I noticed a very strange (and long) list of errors in my console logs today...



"5/19/10 4:38:25 PM Safari[3984] Failed to update contentsHash, cannot decrypt [Password for (mybank).com/469AF65F51F34945805B6D140FCA15D8]. Please use Help > Troubleshooting > Rebuild Data File in 1Pasword application to fix this issue."



There appears to be one of these errors for EVERY SINGLE one of my logins in 1Password. I am troubled because of a) what is this?? and b) every single domain is exposed in plaintext and placed in a log... and c) "1Pasword" isn't even spelled correctly??



I'm concerned.

jxpx777

[quote name='binaryeric']a) what is this??[/quote]



I'm not sure what to say about this except that it is what it says on the tin. Your entries have a contentsHash entry that is stored in plain text so that 1Password can know if an entry has been changed. This helps for syncing and some other things that in general don't affect the operation of 1Password generally.



But, what does this mean? Well, usually it points to a permissions problem or an issue with some entries. Use the Help > Troubleshooting menu to Rebuild Data File and you should be sorted out.



[quote name='binaryeric']b) every single domain is exposed in plaintext and placed in a log...[/quote]



Yes, you're correct. As a rule, we do not log any encrypted data to disk in plaintext, but some data is stored unencrypted in your data file and those values might be included in a log like in this example. But we only leave unencrypted the same level of information that Mac OS X does with its keychain implementation. It's a good balance of security and convenience, and, like the Mac OS X keychain, had we encrypted the Title and Location values, the performance of even just listing your items would have been unacceptable. We've tried to cover these design decisions in the [url=http://help.agile.ws/1Password3/agile_keychain_design.html]Agile Keychain Design document.[/url]



[quote name='binaryeric']c) "1Pasword" isn't even spelled correctly??[/quote]



I'll get this typo fixed.

roustem

The "contentsHash" field didn't exist in the beginning and was added later to help with syncing. It seems that you have many old entries in 1Password data file that do not have the contentsHash calculated.

binaryeric

[quote name='roustem']The "contentsHash" field didn't exist in the beginning and was added later to help with syncing. It seems that you have many old entries in 1Password data file that do not have the contentsHash calculated.[/QUOTE]



Roustem, thanks for your helpful add-on here. When I originally converted to the Agile Keychain, wouldn't 1P have generated anything that it required at that time? I have been with you guys for a very, very long time... upgrading consistently for... what.. going on 3 years? Is the only method to calculate the "contentsHash" field to rebuild the data file?



Thanks,

Eric

roustem

[quote name='binaryeric']Roustem, thanks for your helpful add-on here. When I originally converted to the Agile Keychain, wouldn't 1P have generated anything that it required at that time? I have been with you guys for a very, very long time... upgrading consistently for... what.. going on 3 years? Is the only method to calculate the "contentsHash" field to rebuild the data file?



Thanks,

Eric[/QUOTE]



The contentsHash was added after the Agile Keychain was introduced, it is possible that the older items do not have the contentsHash. It is not critical, the contentsHash is generated on the fly if 1Password is unlocked but the application will not write it to the disk unless you modify the item yourself.



Currently rebuilding the data file is only way to add the missing contentsHash. I plan to add a mandatory data file upgrade/cleanup code of the data file is one of the future updates as we still need to add contentsHash for attachments and icons (to sync attachments and icons).

binaryeric

[quote name='roustem']Currently rebuilding the data file is only way to add the missing contentsHash. I plan to add a mandatory data file upgrade/cleanup code of the data file is one of the future updates as we still need to add contentsHash for attachments and icons (to sync attachments and icons).[/QUOTE]



So just to confirm... even if I do this now, I am going to have to redo it again in the near future & re-sync my entire agile keychain file?

DBrown

I think Roustem is saying that some future update/upgrade will include (if needed) an automatic cleanup and rebuild of any existing 1Password data and that, in the meantime, you can prevent those log entries by doing a rebuild manually.



New items won't be missing the contentsHash, so one manual rebuild should be enough to take care of this specific problem.

binaryeric

[quote name='DBrown']New items won't be missing the contentsHash, so one manual rebuild should be enough to take care of this specific problem.[/QUOTE]



Unless those items contain icons or attachments, which of course many of mine do. :(

MartyS

The Rebuild Data File menu option is really painless and fairly quick (depending on how many saved items you have, of course). It is *not* a regular maintenance that's required: it is only used when we've changed/improved the data file mechanism.

binaryeric

[quote name='MartyS']The Rebuild Data File menu option is really painless and fairly quick (depending on how many saved items you have, of course). It is *not* a regular maintenance that's required: it is only used when we've changed/improved the data file mechanism.[/QUOTE]



yeah, it isn't an option for me at the moment. I have over 1100 items and my keychain is about 35MBs, which syncs with Dropbox. Unfortunately, that is a lot of data for my Internet connection this week :)

MartyS

[quote name='binaryeric']yeah, it isn't an option for me at the moment. I have over 1100 items and my keychain is about 35MBs, which syncs with Dropbox. Unfortunately, that is a lot of data for my Internet connection this week :)[/QUOTE]



As far as I can tell, the only thing that would be rewritten to your 1Password data file would be the .1password files which are each very small. The vast majority of space taken up by most 1Password data files is the thumbnails and 1PasswordAnywhere components. But I understand how making even many small changes like this together can cause "disruptions" in Dropbox syncing operations.

harringg

I've recently noticed this too in my Console Log, an example is below:



7/7/10 4:30:21 PM firefox-bin[2521] Failed to update contentsHash, cannot decrypt [Applecare-iMac/FC6EE2AF31434CDB8078D82BDA0287F0]. Please use Help > Troubleshooting > Rebuild Data File in 1Password application to fix this issue.



However, when I Help>Troubleshooting>Rebuild Data File 1Password crashes every time.



If otherwise, everything is working, do I need to worry about Rebuilding Data File?

jpgoldberg

[quote name='harringg'] when I Help>Troubleshooting>Rebuild Data File 1Password crashes every time.

If otherwise, everything is working, do I need to worry about Rebuilding Data File?[/QUOTE]



If everything is working, and you don't experience slowness, then rebuilding the data file isn't necessary. However, something clearly isn't quite right, and we'd certainly like to get this sorted out for you before it does become a problem. Would you mind trying to rebuild the data file (to generate the crash) and then after restarting 1Password, send a Diagnostics Report to [email]support@agile.ws[/email]



You can create a Diagnostics Report by Help > Troubleshooting > Diagnostics Report ... and then just drag the created file into mail to us. Also please put in a link to this discussion so that we can connect things up.



Thanks!