Viscosity 1.7 update corrupts some keychain entries

Got a problem with Viscosity or need help? Ask here!

jlnr

Posts: 2
Joined: Wed May 24, 2017 9:52 pm

Post by jlnr » Wed May 24, 2017 9:56 pm
This is more of a heads-up than a question. When I upgraded to Viscosity 1.7 today, both of my macOS partitions couldn't connect to the VPN anymore.

When I compared the passwords in my macOS Keychain to the stored passwords on another computer, I noticed that a backslash in my password had been replaced by two backslashes (\ -> \\). I'm not sure if this bug also affects other characters.

After manually fixing the password in my keychain entry, I was able to connect again.

James

User avatar
Posts: 2313
Joined: Thu Sep 04, 2008 9:27 pm

Post by James » Thu May 25, 2017 3:59 pm
Hi jlnr,

Thanks for the report. Thankfully there is nothing to be alarmed about here, Viscosity made a change to how special characters (backslashes and quotes) are stored. Older versions of Viscosity stored them in "escaped" form required by OpenVPN (which is why you'd see \\ instead of a single backslash, or \" instead of just a double-quote character) while Viscosity 1.7 does not do this.

It shouldn't be necessary to manually change the saved details in the Keychain: when they get rejected by the server Viscosity should alert you and automatically prompt for updated details. Viscosity will then replace the old saved details with the updated format. Of course if you don't think this is correctly happening for your connection/setup please do let us know and we'll take a look.

Cheers,
James
Web: https://www.sparklabs.com
Support: https://www.sparklabs.com/support
Twitter: https://twitter.com/sparklabs

jlnr

Posts: 2
Joined: Wed May 24, 2017 9:52 pm

Post by jlnr » Sun Jul 09, 2017 8:20 pm
James wrote:
It shouldn't be necessary to manually change the saved details in the Keychain: when they get rejected by the server Viscosity should alert you and automatically prompt for updated details. Viscosity will then replace the old saved details with the updated format.
That didn't work because I have no copy of my passwords other than the keychain entries. I've generated long and secure passwords, and then verified that Viscosity stores the in the macOS keychain (which is my only password manager). When Viscosity alerts me to enter my password again, I can't do more than copy them over from the keychain, which is circular.

The only reason I could work around this is that I had unescaped copies of my passwords on a separate computer that runs Linux.

When Viscosity stores its passwords in the keychain, I trust that these keychain entries will keep my passwords safe indefinitely, just like Safari's keychain entries are the only place where I store my website passwords. So this is more of a feature request for the future: If Viscosity ever changes the organisation of its keychain entries again, it would be great if the update could automatically migrate them to the new format.

James

User avatar
Posts: 2313
Joined: Thu Sep 04, 2008 9:27 pm

Post by James » Mon Jul 10, 2017 11:33 am
Hi jlnr,

Thanks for the feedback - we'll take it on board.

Cheers,
James
Web: https://www.sparklabs.com
Support: https://www.sparklabs.com/support
Twitter: https://twitter.com/sparklabs
4 posts Page 1 of 1