Encrypted wallet.dat, lost password, any solutions?

[ez1btc]

Apparently I misrecorded my encrypted wallet.dat password. As such, I have lost access to a large amount of Bitcoins.  I can't imagine there is any recourse for hacking apart my wallet.dat and recovering any private keys, but if there is, I'll make it worth your while.

If anyone has any solutions to a lost wallet password, please let me know- I'm offering a 50-100BTC bounty for helping me unlock my lost BTC as soon as possible.

Thanks all
ez1btc

[1714986612]

1714986612

[1714986612]

1714986612

[1714986612]

1714986612

[Revalin]

Do you remember any part of your password?  How many characters was it?  Any other aspects, like all-lowercase, or made of several words, or was it just random?

If we can narrow it down some it might be possible to brute force it.

[etotheipi]

Given enough time, it can be found.  But the system is designed to make brute forcing the password slower...

RIGHT NOW write down anything you can remember about the password.  Length, characters, patterns that are probably in the password.  Not only might this jog your memory, but it could reduce the search time by a factor of 1,000,000, and could be the difference between figuring it out eventually, or not at all.

Unfortunately, I don't have the time to attempt this, but I know there are folks out there who would.  Just be aware that unless you are "buying a script" to run on your own system, you will most likely be giving your wallet to someone and there's no guarantee that you'll get anything back once they find the password.  In other words, I would only send the wallet to members with a reputation at stake.

(I mean, there's no guarantees with anyone on the forums, but at some point you have to trust someone if the alternative is losing the coins forever)

[ez1btc]

the password is quite memorable, which is why im surprised i misrecorded it- it is very long but a unique phrase and i must have misentered it twice while confirming it as my password.

so yes, i have a good idea of what the password is close to, and i would love for a reputable, trustworthy member to help me brute force it.

i will pay well

thanks again all

[drrussellshane]

the password is quite memorable, which is why im surprised i misrecorded it- it is very long but a unique phrase and i must have misentered it twice while confirming it as my password.

so yes, i have a good idea of what the password is close to, and i would love for a reputable, trustworthy member to help me brute force it.

i will pay well

thanks again all

Why not search and find a password cracker that will brute force it for you, starting with your *intended* password?

I'm not familiar with any particular piece of such software, but I'm sure it exists, and is likely found with relative ease given a diligent search.

Feel free to send your bounty my way though.

[Blazr]

the password is quite memorable, which is why im surprised i misrecorded it- it is very long but a unique phrase and i must have misentered it twice while confirming it as my password.

so yes, i have a good idea of what the password is close to, and i would love for a reputable, trustworthy member to help me brute force it.

i will pay well

thanks again all

Why not search and find a password cracker that will brute force it for you, starting with your *intended* password?

I'm not familiar with any particular piece of such software, but I'm sure it exists, and is likely found with relative ease given a diligent search.

Feel free to send your bounty my way though.

You would still need powerful hardware in order to crack it within a reasonable amount of time

[etotheipi]

Given what you just said, I would guess that you know all the words that are in the password.  Therefore, the issue is most likely capitalization and/or punctuation.  Especially punctuation and numbers, which can easily be mistyped, or accidentally double-capitalizing like "WAlrus".  Or maybe a spacebar was tapped twice, or you have a "teh" in there.

It sounds like there's a lot of BTC there, so I would first spend a couple hours trying slight variations of it.  A couple hours seems like a lot, but that's the price you pay for forgetting your password!  And it's worth it if it actually works, because then you don't have to risk giving the wallet to anyone else.  And it might be faster than downloading and figuring out how to use some poorly made software specifically designed for cracking Satoshi wallet passwords but it doesn't quite work right...

[FreeMoney]

Just out of curiosity is there any theoretical way to put another password on a file before handing it off to someone yet still have them able to know if they've found the original?

[memvola]

Just out of curiosity is there any theoretical way to put another password on a file before handing it off to someone yet still have them able to know if they've found the original?

I guess you could just send the encrypted master key?

[rudrigorc2]

if it really was you who put the password the best piece of hardware you can use right now is your brain

relax and try to recreate the whole scenario, time, place, mindset of when you were leaning on the bitcoin client, then put your hands on the keyboard, focus and start trying

hopefully the password will emerge

source: my own experience, I have set up a password on a 50 btc worth wallet. This is how it happened:

It was late night in a hostel, the only computer avaiable, not only a public a PC but I had to use standing up, and, to increase the anxiety level, I was drinking beer. Put the password and shutdown the PC. Then I left the place I was for three days, here is where I needed the password and: WTF?! Wrong password! Don't panic.  At this time the password only existed on my brain, then just said to myself I was going to remeber. I did exactly as I told you above. Took me one day to go back to the place I had set up the password. And two more days acting like "12:01" movie to finally extract it from my mind. The pass was a 12 chars long phrase.

Hope this inspires you.

[etotheipi]

Just out of curiosity is there any theoretical way to put another password on a file before handing it off to someone yet still have them able to know if they've found the original?

"Commutative encryption" does exist, but wallet encryption uses AES which is not.  And even if it did, I'm not sure there would be a way for the cracker to know when he's found the correct passphrase.

[payb.tc]

the password is quite memorable, which is why im surprised i misrecorded it- it is very long but a unique phrase and i must have misentered it twice while confirming it as my password.

have you tried hunter2?

seriously though, this might help: sometimes the above happens to me when i use a keyboard with a bad right-hand shift key, causing all the $ in my passphrases to come out as 4's every time i type it.

[etotheipi]

Just out of curiosity is there any theoretical way to put another password on a file before handing it off to someone yet still have them able to know if they've found the original?

"Commutative encryption" does exist, but wallet encryption uses AES which is not.  And even if it did, I'm not sure there would be a way for the cracker to know when he's found the correct passphrase.

This may be a way to improve the encrypted wallet format.   Passphrase to key function ->  key.  Then have the client encrypt separately a "test string" and the wallet.

This would allow brute force recovery in a secure manner.  The person could just give only the encrypted test string (which given the right key should decrypt to a known value (something like "Bitcoin Wallet format v1.2") to recovery team.

It wouldn't simplify the attacker's job but it would allow forgotten/incorrect passwords to be recovered in a manner that doesn't require the owner to trust a third party.

+1

That's such a good idea I'm going to make it part of my new wallet format in Armory.  This kind of thing happens infrequently, but enough.

Although, Armory has the advantage that you usually have a paper backup which is unencrypted.  When you forget your passphrase, you only need to restore your wallet from the sheet of paper.

[payb.tc]

Just out of curiosity is there any theoretical way to put another password on a file before handing it off to someone yet still have them able to know if they've found the original?

"Commutative encryption" does exist, but wallet encryption uses AES which is not.  And even if it did, I'm not sure there would be a way for the cracker to know when he's found the correct passphrase.

This may be a way to improve the encrypted wallet format.   Passphrase to key function ->  key.  Then have the client encrypt separately a "test string" and the wallet.

This would allow brute force recovery in a secure manner.  The person could just give only the encrypted test string (which given the right key should decrypt to a known value (something like "Bitcoin Wallet format v1.2") to recovery team.

It wouldn't simplify the attacker's job but it would allow forgotten/incorrect passwords to be recovered in a manner that doesn't require the owner to trust a third party.

that would be awesome... you could then distribute it to potentially thousands, millions of 'lost pass' solvers who are paid bounties for the keys they find.

[koin]

this is probably being too paranoid, but ... plan on choosing only one person to attempt to figure out how your passphrase is failed.  what if you have one person try to figure it out but claims to have failed.  and then a second person gives it a try and also claims to have failed, or is still working on it.  but then the bitcoins get spent.  which party do you point blame?

game theory would probably have an answer for that but if there is only one party (or at least that person does not know there are any other parties trying the same thing) then chances are less likely that you'll get cheated.

[FreeMoney]

Just out of curiosity is there any theoretical way to put another password on a file before handing it off to someone yet still have them able to know if they've found the original?

"Commutative encryption" does exist, but wallet encryption uses AES which is not.  And even if it did, I'm not sure there would be a way for the cracker to know when he's found the correct passphrase.

This may be a way to improve the encrypted wallet format.   Passphrase to key function ->  key.  Then have the client encrypt separately a "test string" and the wallet.

This would allow brute force recovery in a secure manner.  The person could just give only the encrypted test string (which given the right key should decrypt to a known value (something like "Bitcoin Wallet format v1.2") to recovery team.

It wouldn't simplify the attacker's job but it would allow forgotten/incorrect passwords to be recovered in a manner that doesn't require the owner to trust a third party.

+1

That's such a good idea I'm going to make it part of my new wallet format in Armory.  This kind of thing happens infrequently, but enough.

Although, Armory has the advantage that you usually have a paper backup which is unencrypted.  When you forget your passphrase, you only need to restore your wallet from the sheet of paper.

Nice idea Tangible.

[Revalin]

Rather than giving your whole wallet over to someone, just extract one keypair, preferably one for an address with 0 balance.  They can then crack it, but won't have access to all of your funds when they succeed.

[Etlase2]

Rather than giving your whole wallet over to someone, just extract one keypair, preferably one for an address with 0 balance.  They can then crack it, but won't have access to all of your funds when they succeed.

Are the public keys unencrypted? Otherwise it would be difficult to find an address with a 0 balance I would think.

[FreeMoney]

Oh, I keep imagining a plain encrypted file. If all the parts are in place and just the keys are encrypted then I think it makes sense to just pull one. Is the key pool encrypted? Is it easy to tell which are in the key pool? Pull one (for each cracker?) from the key pool and have a contest?

[Revalin]

The encrypted wallet format only encrypts the seckeys, nothing else.

You can dump them with bitcointools: https://github.com/gavinandresen/bitcointools

ez1btc: to export the full encrypted seckeys, just make this change to wallet.py:

Code:

diff --git a/wallet.py b/wallet.py
index a41d3a6..9eae0ad 100644
--- a/wallet.py
+++ b/wallet.py
@@ -224,7 +224,7 @@ def dump_wallet(db_env, print_wallet, print_wallet_transactions, transaction_fil
       print(" Created: "+time.ctime(d['created'])+" Expires: "+time.ctime(d['expires'])+" Comment: "+d['comment'])
     elif type == "ckey":
       print("PubKey "+ short_hex(d['public_key']) + " " + public_key_to_bc_address(d['public_key']) +
-            ": Encrypted PriKey "+ short_hex(d['crypted_key']))
+            ": Encrypted PriKey "+ long_hex(d['crypted_key']))
     elif type == "mkey":
       print("Master Key %d"%(d['nID']) + ": 0x"+ short_hex(d['crypted_key']) +
             ", Salt: 0x"+ short_hex(d['salt']) +

Then run "./dbdump.py --wallet | grep PriKey".  That will give you the full list, and you can pick which one you want to share.