Accessing encrypted data (lost password)

1. What is the issue? Please be detailed.
We are using ODK Central (Ubuntu 22.04.4 LTS) and when our focal point set up the project they enabled project-managed encryption using a passphrase. Unfortunately, the focal point who set up the project cannot recall the correct passphrase that was used. As a result, we cannot access the encrypted data for our project. Given password reset is not possible, is there any other way for us to decrypt the data and access it for analyses?

2. What steps can we take to reproduce this issue?
NA

3. What have you tried to fix the issue?
Attempted many different passwords, involved information security specialists to attempt to decrypt data.

4. Upload any forms or screenshots you can share publicly below.

Unfortunately, without the passphrase, the data cannot be decrypted, and as Central does not store the passphrase, it cannot decrypt the data without your input. When enabling encryption, there is a warning that "if you lose [the passphrase], there is no way to recover it or your data!"

Agreed with @danbjoseph that there is no way to decrypt the data without the passphrase. In fact, we just went through a security audit where an external team reviewed the code and went through "painstaking efforts" to attempt a way to get at the data.

There is no lockout on the number of attempts to enter the passphrase, so your best bet is to write a script that tries the likely passwords. One caveat is that we use bcrypt with cost factor 12 for password hashing so this could take some time.
