BIP 038 Bug

[cbeast]

This encryption feature should be removed from all software until the bugs are worked out. I created a set of wallets with an easy to remember password in January 2014 and now it doesn't work. I tested the password to decrypt one of the wallets before loading them. Now I cannot recover them. I have a feeling this will be a problem for a lot of people that think their BIP 038 wallets are secure.

Edit:
Win7
Either Chrome, Mozilla, or Explorer (can't recall which I used) but probably Chrome
It was Bitaddress.org saved to my drive either v2.8.1 or 2.5.1 but probably the newer
I didn't write down the exact PW, but wrote down a hint to it.

I hope this isn't a bug and is merely human error. It will be much easier to fix that way.

[Abdussamad]

This encryption feature should be removed from all software until the bugs are worked out. I created a set of wallets with an easy to remember password in January 2014 and now it doesn't work. I tested the password to decrypt one of the wallets before loading them. Now I cannot recover them. I have a feeling this will be a problem for a lot of people that think their BIP 038 wallets are secure.

How much did you loose?

[cbeast]

How much did you loose?

I'm really not counting them as totally lost yet. That would be unthinkable. It is enough to shake my faith in cryptocurrency development that such a serious bug can occur. I will not completely rule out user error, but it's highly unlikely.

[cypherdoc]

How much did you loose?

I'm really not counting them as totally lost yet. That would be unthinkable. It is enough to shake my faith in cryptocurrency development that such a serious bug can occur. I will not completely rule out user error, but it's highly unlikely.

whose code did you use?

[Abdussamad]

How much did you loose?

I'm really not counting them as totally lost yet. That would be unthinkable. It is enough to shake my faith in cryptocurrency development that such a serious bug can occur. I will not completely rule out user error, but it's highly unlikely.

Assuming you used bitaddress.org, have you tried using older versions of that site? They have a github repo where you can download old versions:

https://github.com/pointbiz/bitaddress.org/releases

[cbeast]

I updated the OP with details. I am trying all combinations of versions and browsers.

[Abdussamad]

Well it looks like bitaddress doesn't tag all its releases so you will have to use the commit log to see which version was latest around Jan:

https://github.com/pointbiz/bitaddress.org/commits/master

[cbeast]

Well it looks like bitaddress doesn't tag all its releases so you will have to use the commit log to see which version was latest around Jan:

https://github.com/pointbiz/bitaddress.org/commits/master

I always use bitaddress offline. I only have two versions saved to the drive. It looks like the newer one I updated April 5, 2014. I will look for the version from January on Github.

[cypherdoc]

I didn't write down the exact PW, but wrote down a hint to it.

could this be the problem?

[cbeast]

I didn't write down the exact PW, but wrote down a hint to it.

could this be the problem?

It was my most commonly used pw for sites I don't care about with one added salt. I have a few variations, but not many. It was such an easy pw that it was the only one I didn't bother to write it down precisely. I did test it as well before loading the bitcoins.

[cbeast]

Well anyway. If I don't recover the PW, perhaps I'll hire someone to brute force crack it.

[cbeast]

I noticed bitcoinaddress v2.5.1 wallet details tab occasionally pops up a new address. It might have fooled me into thinking I verified the pw. No worries.

[justusranvier]

It was my most commonly used pw for sites I don't care about with one added salt. I have a few variations, but not many. It was such an easy pw that it was the only one I didn't bother to write it down precisely. I did test it as well before loading the bitcoins.

Is it one of your bible codes?

[cbeast]

It was my most commonly used pw for sites I don't care about with one added salt. I have a few variations, but not many. It was such an easy pw that it was the only one I didn't bother to write it down precisely. I did test it as well before loading the bitcoins.

Is it one of your bible codes?

No, my brain wallets are much more complex. This was the kind of pw most websites would reject as too simple except for adding the salt. With BIP 38 you need the private encrypted key, so there wasn't the need for a tough pw. I am perplexed and befuddled. I still think it may have been a possible bug in which case I will need help someday.

[crazy_rabbit]

Honestly I think this sounds like user error. Which should be somewhat comforting as you seem like you know a good starting point from which to brute force the password. This is exactly the sort of situation my device I hope will help solve.

https://bitcointalk.org/index.php?topic=566626.80

[Abdussamad]

No, my brain wallets are much more complex. This was the kind of pw most websites would reject as too simple except for adding the salt. With BIP 38 you need the private encrypted key, so there wasn't the need for a tough pw. I am perplexed and befuddled. I still think it may have been a possible bug in which case I will need help someday.

BIP38 uses scrypt to hash the password. Scrypt ASICs have been out for a few months now and faster devices are released all the time. Soon scrypt hashing will be very fast and someone will be able to brute force your keys for you. In the meantime you would do well to get a notebook and write down everything you remember about your password. The more info you have the better the chances of cracking it.

Oh and if you want to try and get it bruteforced today you can consider this guy's services:

https://bitcointalk.org/index.php?topic=240779.0

[cypherdoc]

Soon scrypt hashing will be very fast and someone will be able to brute force your keys for you.

Really?  any sources for that?

if true, there's going to be alot of surprised ppl who assumed this would stand the test of time.

[Rannasha]

No, my brain wallets are much more complex. This was the kind of pw most websites would reject as too simple except for adding the salt. With BIP 38 you need the private encrypted key, so there wasn't the need for a tough pw. I am perplexed and befuddled. I still think it may have been a possible bug in which case I will need help someday.

BIP38 uses scrypt to hash the password. Scrypt ASICs have been out for a few months now and faster devices are released all the time. Soon scrypt hashing will be very fast and someone will be able to brute force your keys for you. In the meantime you would do well to get a notebook and write down everything you remember about your password. The more info you have the better the chances of cracking it.

The existence of ASICs for scrypt-mining has little to no effect on the strength of scrypt as a password-hashing-function. Mining ASICs perform a very specific operation on a very specific input-format and they can't be reconfigured to go password cracking. SHA-256 is being used to hash passwords across the globe, but we haven't seen the Bitcoin miners switch their equipment to crack some passwords. For the simple reason that it is impossible. You'd need a different device for it.

[softron]

Try again like 10 times. Someppl reported it works after tring a couple times

[softron]

U should also use the same os and browser version