Thinkpads Forum

TPM's db is blank, all passwords are gone. it was working fine then during the same session a few minutes later they were all gone.

is there a place to look for them? anyone ever had this happen?

thanks

I've never had my passwords wiped out in a single event as you described. I have no idea what might have caused it. A virus or Trojan, perhaps, but....

If you backed up your password database using the "Import/Export" function, then you should be able to recover them from a file called "Password Manager Exported Entry List.exe" (or a similarly-named file) found in your "My Documents" folder. It is a password-protected executable file accessed from the Password Manager via "Import/Export." If you have forgotten the password for the list backup, I am not aware of a means to recover it. Search the forum, though.

Whenever I add, delete or change entries in Password Manager, I always create a new backup just for the situation you described.

Good luck.

USSS wrote:I've never had my passwords wiped out in a single event as you described. I have no idea what might have caused it.

Cheap RAM, duh.

qviri wrote:

USSS wrote:I've never had my passwords wiped out in a single event as you described. I have no idea what might have caused it.

Cheap RAM, duh.

I apologize for not being as smart as you are. Cheap post, duh.

i wouldnt be so quick to blame it on cheap RAM, especially because i am using the factory original plus an infineon stick. it probably a bug in the software.

i went back to keepass. incomparably better.

just happened to me today with a factory T61 that's less than a month old.

Not sure how a ram problem would erase a database on the hard drive? If that's possible then I think there's some bad logic in the program that it's not very fault tolerant.

off to go search some more...

A great work-around is what's already been recommended: [frequent] exporting of the password db
(this way you only lose the last few entries)

I got my X60s w Vista Business a couple of months ago and have been using it rather intensively. During that time, TPM has lost *all* entries (20 or more) at least a half-dozen times. FYI, TPM is mostly interacting with Firefox 2 (currently: v2.0.0.5).

Unfortunately I'm not yet able to predictably trigger the problem -- although earlier today I came close: over the course of logging into one site ~1/2 dozen times (for various reasons), I triggered the problem twice. (fyi, today was first that I've logged into this particular site with my new system)

~~~~~~
Rather than RAM, I suspect a bug in the TPM itself (perhaps in combination with FF2??) is creating corrupt entr[ies] in the db that TPM can't (or doesn't) recover from -- and instead, starts over with a new (and frustratingly empty) db/file.

Same thing happened to me couple times, so I have contacted IBM/Lenovo support - unfortunately without any success. Here is their reply:

"...IBM/Lenovo provides free software support for the first 30 days after the purchase of the machine.
Your system indicates it is beyond its Software warranty period of 30 days..."

Using CSS 8.x and Password Manager 2.1.0 the password list file is stored under "C:\Documents and Settings\<loginname>\Application Data\Lenovo\Client Security Solution". The filename is "<loginname>.pwm" and there is also a file named "<loginname>.pwm.bak". I believe that every time you make a change like saving a new loginname/password in the database your current password list file is copied to the "<loginname>.pwm.bak before the last change is saved.

So in case your current password file list is corrupted for some reason maybe you can use the .bak file. Just delete (or move so you have a copy just in case) your current password database and rename the backup file to make it the current file. I guess closing password manager first would be a good idea.

hmmmm... i could have sworn i read somewhere that the DB was not stored on disk but on memory dedicated to enabling software such as CSS. but you are right, there it is - the entire DB.

so what is the security advantage between using CSS and a tool like KeePass when both store their DBs on disk?

crashnet wrote:hmmmm... i could have sworn i read somewhere that the DB was not stored on disk but on memory dedicated to enabling software such as CSS. but you are right, there it is - the entire DB.
so what is the security advantage between using CSS and a tool like KeePass when both store their DBs on disk?

Correct me if i'm wrong anyone, but the password db stored on disk is encrypted and the key to open that db is stored in the security chip (if you choose to use the security chip). That way the key needed to open the database is stored and secured on the chip and not on the harddisk. Without that password i guess it's hard to break the password database and i also assume it's hard to hack the security chip to find the password.

i could be wrong, but i dont think the password is stored anywhere. the private key is stored in the chip, in the case of CSS, and with KeePass you have the option to store it in a USB key.

i like keepass much better but it doesnt yet auto type into firefox, strangely enough since it is an open source product. I also trust the open source community to build a more robust solution than a couple guys at lenovo ever could.

crashnet wrote:i could be wrong, but i dont think the password is stored anywhere. the private key is stored in the chip, in the case of CSS, and with KeePass you have the option to store it in a USB key.

I think this is the exact same thing as i said.....your password is stored in the security chip and that password is needed to open the password database file that belongs to password manager.