Correct library passwords not accepted any more

Dear all,

Seafile server (7.0.5) does not accept the passwords for multiple encrypted libraries anymore (neither via web interface, nor via Seafile client), even though we know that the passwords are correct (passwords were stored in a password manager and were accepted by different Seafile clients in the past).
The clients which were already set-up to sync the respective libraries continue to sync libraries. New clients cannot be added though.

Maybe the upgrade from Seafile v.6 to Seafile 7.0.5 is the culprit. Do you know whether there were any changes concerning the password policy, e.g. concerning maximum length, allowed characters, etc.?

Any help would be greatly appreciated.

Thanks!

The encryption of encrypted libraries changed from Seafile 6 to Seafile 7. Existing libraries should not be affected though.

From June 2019 – Seafile Official Blog

Encrypted library is one of the most liked features in Seafile. We supported encryption of users data in an end-to-end way from the first day we released Seafile. In Seafile 7 we further improve the security of the encryption mechanism by using different encryption salts for each library. In cryptography, salts are used to make brute-force hacking harder. It would make such kind of attacks even harder with different salts used for different libraries. (More details about Seafile’s encryption algorithm can be found in our manual.)

To use this improved encryption mechanism, you must add the following option to seahub_settings.py:

ENCRYPTED_LIBRARY_VERSION = 3

After that, all new encrypted libraries will use the new version of encryption algorithm. Please note that sync clients before 7.0.0 cannot work with new encrypted library version. So the clients has to be upgraded to sync new encrypted libraries. Existing encrypted libraries are not affected.

Though the web interface had been rewritten, the API is not changed. If the client can’t access the encrypted library, it is likely it is not caused by the version upgrade.

We can add some methods to debug the issue when we have time.