Bitcoin Forum
November 01, 2024, 02:53:33 AM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1]
  Print  
Author Topic: Password requirements  (Read 299 times)
Quix77 (OP)
Newbie
*
Offline Offline

Activity: 6
Merit: 7


View Profile
December 09, 2021, 01:27:56 AM
Last edit: December 09, 2021, 01:46:58 AM by Quix77
Merited by o_e_l_e_o (4), Welsh (2), ABCbits (1)
 #1

Hii to you all,

Like a few more people i lost the password of my Blockchain account. I created this in august 2014 with the use of the ios Blockchain app. I have an idea of the possible password and make use of BTCrecover. I seem to remember that i created a ‘strong’ password as indicated by the (Blockchain app) ‘password assistent’. I probably used a capital letter, numbers, punctuation mark and letters.

My question is: What is the minimum total characters for a ‘strong’ password generated in the ios Blockchain app, back in August 2014? And what did the (build in) password assistent look like?

I don’t have the above mentioned Iphone anymore. Same as the computer i used back then, for the Itunes back-ups.

I’m looking forward for your replies.
jackg
Copper Member
Legendary
*
Offline Offline

Activity: 2856
Merit: 3071


https://bit.ly/387FXHi lightning theory


View Profile
December 09, 2021, 03:06:45 AM
 #2

Do you have any idea of the size of password you used (just coming at this from a different angle). I think I've seen anything up to 11 characters being fairly crack able with special characters, lowercase and capitals and that might go somewhere to help.

Most sites around that time suggested around 8 characters i think but it mightve been different for them (though I doubt it).
nc50lc
Legendary
*
Offline Offline

Activity: 2590
Merit: 6310


Self-proclaimed Genius


View Profile
December 09, 2021, 03:57:08 AM
Merited by o_e_l_e_o (4), ABCbits (2), Pmalek (1), uchegod-21 (1)
 #3

The archived page of blockchian(dot)info from January 2014 recommended a 10-character password,
When you start to type it, it'll display how strong or weak your current password is; but there's no restriction in using only alpha-numeric characters.

Archived Link: web.archive.org/web/20140122233151/https://blockchain.info/wallet/new

█▀▀▀











█▄▄▄
▀▀▀▀▀▀▀▀▀▀▀
e
▄▄▄▄▄▄▄▄▄▄▄
█████████████
████████████▄███
██▐███████▄█████▀
█████████▄████▀
███▐████▄███▀
████▐██████▀
█████▀█████
███████████▄
████████████▄
██▄█████▀█████▄
▄█████████▀█████▀
███████████▀██▀
████▀█████████
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
c.h.
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
▀▀▀█











▄▄▄█
▄██████▄▄▄
█████████████▄▄
███████████████
███████████████
███████████████
███████████████
███░░█████████
███▌▐█████████
█████████████
███████████▀
██████████▀
████████▀
▀██▀▀
uchegod-21
Hero Member
*****
Offline Offline

Activity: 1120
Merit: 635


BTC, a coin of today and tomorrow.


View Profile
December 09, 2021, 08:17:36 AM
 #4

The archived page of blockchian(dot)info from January 2014 recommended a 10-character password,
When you start to type it, it'll display how strong or weak your current password is; but there's no restriction in using only alpha-numeric characters.

Archived Link: web.archive.org/web/20140122233151/https://blockchain.info/wallet/new

To add to this. I think you want to know the length of the password so that you will get the idea how long the password is. Can you try and remember the email you use that time and search for it. It can help you. I am saying this because I saw a space for email in archive nc50lc post.

 
█▄
R


▀▀██████▄▄
████████████████
▀█████▀▀▀█████
████████▌███▐████
▄█████▄▄▄█████
████████████████
▄▄██████▀▀
LLBIT▀█ 
  TH#1 SOLANA CASINO  
████████████▄
▀▀██████▀▀███
██▄▄▀▀▄▄████
████████████
██████████
███▀████████
▄▄█████████
████████████
████████████
████████████
████████████
█████████████
████████████▀
████████████▄
▀▀▀▀▀▀▀██████
████████████
███████████
██▄█████████
████▄███████
████████████
█░▀▀████████
▀▀██████████
█████▄█████
████▀▄▀████
▄▄▄▄▄▄▄██████
████████████▀
........5,000+........
GAMES
 
......INSTANT......
WITHDRAWALS
..........HUGE..........
REWARDS
 
............VIP............
PROGRAM
 .
   PLAY NOW    
o_e_l_e_o
In memoriam
Legendary
*
Offline Offline

Activity: 2268
Merit: 18726


View Profile
December 09, 2021, 09:47:58 AM
Merited by ABCbits (1), Pmalek (1)
 #5

Do you have your recovery phrase backed up anywhere? Back in 2014, blockchain.com generated recovery phrases of around 16-20 words which were not BIP39 seed phrases but rather password recovery phrases. If you have this phrase and enter it here - https://login.blockchain.com/wallet/forgot-password - it will recover your password for you.
Quix77 (OP)
Newbie
*
Offline Offline

Activity: 6
Merit: 7


View Profile
December 09, 2021, 01:19:54 PM
 #6

To add to this. I think you want to know the length of the password so that you will get the idea how long the password is. Can you try and remember the email you use that time and search for it. It can help you. I am saying this because I saw a space for email in archive nc50lc post.

I have the original email from 2014. The email with a link to login. That link isn’t working anymore. In which way could this email help to retrieve the password? Are you saying that i can find the character lenght of the password in this way?

Also i found the original webpages via an internet archive machine. I am wondering if this was the same as the ios app i used back then.

Thanx for the replies!
o_e_l_e_o
In memoriam
Legendary
*
Offline Offline

Activity: 2268
Merit: 18726


View Profile
December 11, 2021, 11:16:52 AM
 #7

I have the original email from 2014. The email with a link to login. That link isn’t working anymore.
I assume you have used that link to download the wallet file so you can attempt to brute force it using btcrecover? Have you checked this email account for any evidence of your password recovery phrase?

Are you saying that i can find the character lenght of the password in this way?
No. There will be no way to recover your password length simply from an email.
Quix77 (OP)
Newbie
*
Offline Offline

Activity: 6
Merit: 7


View Profile
December 11, 2021, 04:53:46 PM
 #8

I have the original email from 2014. The email with a link to login. That link isn’t working anymore.
I assume you have used that link to download the wallet file so you can attempt to brute force it using btcrecover? Have you checked this email account for any evidence of your password recovery phrase?

This is indeed the email i used for downloading a copy of the wallet. I use this copy for the Bruteforce attack. I can’t seem to remember or find any evidence of a recovery phrase. Is it possible that the recovery phrase was mailed to me, back in 2014?

o_e_l_e_o
In memoriam
Legendary
*
Offline Offline

Activity: 2268
Merit: 18726


View Profile
December 11, 2021, 05:42:04 PM
 #9

Is it possible that the recovery phrase was mailed to me, back in 2014?
It's unlikely, but I never set up or used an old blockchain.info wallet so I'm not 100% sure though. This would be very insecure, but blockchain.com aren't exactly known for their good security of technical competence. They did used to email users their wallet.aes.json file to save as a back up, so its not outside the realm of possibilities that they also emailed out your password recovery phrase. More likely though is that you would simply have been shown it when setting up your wallet for the first time and told to write it down or save it somewhere safe. It would be a list of 16-20 seemingly random and unconnected words. If you don't remember such a thing, then it's probably not worth wasting your time on, and you would be better off just trying to remember as much as you can about your password for your brute force attempt.
Quix77 (OP)
Newbie
*
Offline Offline

Activity: 6
Merit: 7


View Profile
December 12, 2021, 10:23:33 AM
 #10

So, to simplify the above text: “How many characters does a strong password contain”? A ‘strong’ password according to the (build-in) password advisor within the ios blockchain app, back in august 2014?

Is that a minimum of 11 characters?
nc50lc
Legendary
*
Offline Offline

Activity: 2590
Merit: 6310


Self-proclaimed Genius


View Profile
December 13, 2021, 02:43:26 AM
 #11

-snip-
Also i found the original webpages via an internet archive machine. I am wondering if this was the same as the ios app i used back then.
There shouldn't be a reason to make their web and IOS versions different from each other,
besides their latest smartphone version and web version are basically the same.
With that said, they still recommended 10-characters as the "strong password" in Aug2014.

If you want to check it firsthand, their old IOS wallet's source code is still available: https://github.com/blockchain/unused-My-Wallet-iPhone/releases/tag/v2.0.5
Sadly, there's no ready-to-install binary.

█▀▀▀











█▄▄▄
▀▀▀▀▀▀▀▀▀▀▀
e
▄▄▄▄▄▄▄▄▄▄▄
█████████████
████████████▄███
██▐███████▄█████▀
█████████▄████▀
███▐████▄███▀
████▐██████▀
█████▀█████
███████████▄
████████████▄
██▄█████▀█████▄
▄█████████▀█████▀
███████████▀██▀
████▀█████████
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
c.h.
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
▀▀▀█











▄▄▄█
▄██████▄▄▄
█████████████▄▄
███████████████
███████████████
███████████████
███████████████
███░░█████████
███▌▐█████████
█████████████
███████████▀
██████████▀
████████▀
▀██▀▀
Quix77 (OP)
Newbie
*
Offline Offline

Activity: 6
Merit: 7


View Profile
December 13, 2021, 04:38:25 PM
 #12

-snip-
Also i found the original webpages via an internet archive machine. I am wondering if this was the same as the ios app i used back then.
There shouldn't be a reason to make their web and IOS versions different from each other,
besides their latest smartphone version and web version are basically the same.
With that said, they still recommended 10-characters as the "strong password" in Aug2014.

If you want to check it firsthand, their old IOS wallet's source code is still available: https://github.com/blockchain/unused-My-Wallet-iPhone/releases/tag/v2.0.5
Sadly, there's no ready-to-install binary.

The strange thing is: If anyone makes an account today, for a Blockchain wallet, the following rules apply:
- afer typing the first character the system says: Use at least 8 characters, a mix of letters, numbers and symbols.
- only after typing the 11th character the build-in ‘password manager’ says: ‘strong’.

I find this quite confusing but assume it’s still the same as back in 2014.
o_e_l_e_o
In memoriam
Legendary
*
Offline Offline

Activity: 2268
Merit: 18726


View Profile
December 13, 2021, 04:48:19 PM
Last edit: December 14, 2021, 09:28:40 AM by o_e_l_e_o
 #13

I think you are focusing on the wrong thing here. Do you have any idea what your password is? Any words, phrases, strings, etc., which are likely to be included? Any specific formatting that you commonly use such as character swaps or substitutions, specific additional numbers or symbols in certain places, etc?

Given 95 printable ASCII characters, and assuming you can check 1 billions passwords per second (Which is probably significantly more than the hardware you are using can achieve), a 10 character password would take around 950 years on average to break. If you have no idea what your password is and are just planning on brute forcing from scratch, then you are wasting your time.
nc50lc
Legendary
*
Offline Offline

Activity: 2590
Merit: 6310


Self-proclaimed Genius


View Profile
December 14, 2021, 03:05:41 AM
 #14

With that said, they still recommended 10-characters as the "strong password" in Aug2014.
-snip-
I find this quite confusing but assume it’s still the same as back in 2014.
If you play with the archived link of blockhain(dot)info from August 2014,
you'll see that after typing characters in the 'password', the "password strength" will only show the vulnerabilities of the current password
until you've used all character types (lowercase, uppercase, number, punctuation marks).
The constant thing is, it's recommending to use at least 10 characters.

In the latest version, it's the same rules as you mentioned.
So it's definitely not the same as 2014.

Archive:

If this is only to find out how many characters you've used to your password, then you'll encounter worse roadblocks afterwards like explained by the reply above.

█▀▀▀











█▄▄▄
▀▀▀▀▀▀▀▀▀▀▀
e
▄▄▄▄▄▄▄▄▄▄▄
█████████████
████████████▄███
██▐███████▄█████▀
█████████▄████▀
███▐████▄███▀
████▐██████▀
█████▀█████
███████████▄
████████████▄
██▄█████▀█████▄
▄█████████▀█████▀
███████████▀██▀
████▀█████████
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
c.h.
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
▀▀▀█











▄▄▄█
▄██████▄▄▄
█████████████▄▄
███████████████
███████████████
███████████████
███████████████
███░░█████████
███▌▐█████████
█████████████
███████████▀
██████████▀
████████▀
▀██▀▀
Quix77 (OP)
Newbie
*
Offline Offline

Activity: 6
Merit: 7


View Profile
December 14, 2021, 11:03:15 AM
 #15

You guys are totally right and i agree with your arguments. But the thing is… i have quite a few ideas about the password i used. Every day i run BTCrecover for several hours. Next to this i try to re-think the process of 2014. When i created te password. For example i know that te creation of the password took a while after trying several combinations. I know that i went on to create a ‘strong’ password. After several tries i had an combination of one symbol, two numbers and probably seven letters (including a capital). This probably still didn’t result in a strong password so i doubled every character.

If everything went like above than i firstly created a password of 10 characters. Because 11 characters should result in ‘strong’. Then i doubled all characters (resulting in 20 char) cause i got frustrated.

I probably know the symbol en numbers. And i do know a list or pool of passwords i commonly used. But it is very important for me to know when the password manager went from ‘medium’ to ‘strong’.

Although i am becoming a pro Smiley at BTCrecover and calculate all possibilities in advance i appreciate your tips!
AdolfinWolf
Legendary
*
Offline Offline

Activity: 1946
Merit: 1427


View Profile
December 23, 2021, 06:12:53 PM
Merited by ABCbits (1)
 #16

I probably know the symbol en numbers. And i do know a list or pool of passwords i commonly used. But it is very important for me to know when the password manager went from ‘medium’ to ‘strong’.
If it's any help i'm pretty sure that blockchain.com uses https://github.com/dropbox/zxcvbn nowadays for their password strength guesstimation. Not sure if they also did so back in 2014 though and how it is implemented.

PrimeNumber7
Copper Member
Legendary
*
Offline Offline

Activity: 1652
Merit: 1901

Amazon Prime Member #7


View Profile
December 29, 2021, 06:14:57 PM
 #17

Given 95 printable ASCII characters, and assuming you can check 1 billions passwords per second (Which is probably significantly more than the hardware you are using can achieve), a 10 character password would take around 950 years on average to break. If you have no idea what your password is and are just planning on brute forcing from scratch, then you are wasting your time.
That is assuming a randomly generated password. When not using a password manager (that includes a password generator), many people will use similar passwords across all websites (despite this being a very bad security practice).

My reading of the OP's posts is that he probably uses a similar prefix across most of his passwords, and there will be a postfix that depends on the complexity requirements. So the prefix might be "pAssw0rd", he might use a number of other words after the prefix, depending on the length requirement, and may use a number of personal significance to him, with "@" at the end if a special character is required.

If (some of) the above is true, it will reduce the space the OP will need to search to find his password.
o_e_l_e_o
In memoriam
Legendary
*
Offline Offline

Activity: 2268
Merit: 18726


View Profile
December 30, 2021, 12:27:24 PM
 #18

...
Well, yes obviously, which is why the first part of my reply which you snipped clearly asks OP about the exact things you mention, such as specific strings or patterns he commonly uses in passwords which might be able to narrow the search space down. The calculation which you quoted was simply to show the futility of trying to brute force a strong password if he had absolutely no idea what it might be.
Pages: [1]
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!