Etlase2
|
|
June 05, 2012, 03:51:21 AM |
|
The encrypted wallet format only encrypts the seckeys, nothing else.
That's strange. From the standpoint of privacy, shouldn't the pubkeys be encrypted as well?
|
|
|
|
Revalin
|
|
June 05, 2012, 03:57:40 AM |
|
Keeping the pubkeys in plaintext encourages people to do their daily read-only operations (verifying received coins) without having to keep the decrypted private keys or password in memory.
The point of encryption is to prevent stolen coins, not to protect your identity. If you want identity protection use a separate whole-file encryption system such as GPG or TrueCrypt.
|
War is God's way of teaching Americans geography. --Ambrose Bierce Bitcoin is the Devil's way of teaching geeks economics. --Revalin 165YUuQUWhBz3d27iXKxRiazQnjEtJNG9g
|
|
|
TangibleCryptography
|
|
June 05, 2012, 03:58:41 AM |
|
The encrypted wallet format only encrypts the seckeys, nothing else.
That's strange. From the standpoint of privacy, shouldn't the pubkeys be encrypted as well?
That would require the user's password to be entered and the wallet kept unlocked for any action. Mining for example would require keeping the wallet unlocked continuously and subject to theft. Checking your balance, verifying a tx cleared, checking # of confirmations would all require the password. By only encrypting the private keys funds can be kept secure and the password is only needed to either send funds or sign a message.
|
|
|
|
ez1btc (OP)
Newbie
Offline
Activity: 14
Merit: 0
|
|
June 05, 2012, 04:11:20 AM |
|
Much gratitude for all the help. If I can free my BTC I will pay a lot of you. I have spent several hours trying to figure out my password mistake. Many hours feeling like a complete fool, in fact. Looking for a brute force script that I can guide in the right direction using the nearly-correct password which I remember. Any script authors or white hats interested in making a hundred BTC or so, send me a message. Thanks!
|
|
|
|
riX
|
|
June 05, 2012, 05:38:23 AM |
|
I did the same thing two weeks ago, mistyped my 30-char pwd twice, although that was on a 7-zip archive. I made a script that tried all combinations of the keyboard keys surrounding the ones that should be correct, and also upper/lower case combinations for the characters that were adjacent to those that were supposed to be capitals. Found the password in about 3 secs...
I have the script, but it's for 7-zip, but it's not hard to fix..
|
|
|
|
Revalin
|
|
June 05, 2012, 05:52:42 AM Last edit: June 05, 2012, 06:16:28 AM by Revalin |
|
Here, I whipped up something quick and dirty. Just fill in your passphrase as close as you can remember, and make sure bitcoind is in the current dir. It should print lots of "The wallet passphrase entered was incorrect" if it's working.

    #!/usr/bin/ruby -w

    passphrase = "oops"
    characters = " !\"\#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~"

    def test(phrase)
      print phrase, "\t"
      system("./bitcoind", "walletpassphrase", phrase, "20")
      case $?.exitstatus
      when 0
        puts "Found it! #{phrase}"
        exit 0
      when 127
        puts "bitcoind not found in current dir"
        exit 1
      end
    end

    # transpose adjacent chars
    (passphrase.length - 1).times do |i|
      testphrase = passphrase.dup
      testphrase[i] = passphrase[i+1]
      testphrase[i+1] = passphrase[i]
      test testphrase
    end

    # delete one char
    passphrase.length.times do |i|
      testphrase = passphrase.dup
      testphrase = testphrase[0,i] + testphrase[(i+1)..-1]
      test testphrase
    end

    # substitute one char
    passphrase.length.times do |i|
      characters.chars.each do |c|
        testphrase = passphrase.dup
        testphrase[i] = c
        test testphrase
      end
    end

    # insert one char
    (passphrase.length + 1).times do |i|
      characters.chars.each do |c|
        testphrase = passphrase.dup
        testphrase.insert(i, c)
        test testphrase
      end
    end

    puts "No luck."
    exit 1

Good luck!
edit: This also requires a running bitcoind.
1. set "rpcpassword=somerandomcrap" in .bitcoin/bitcoin.conf
2. run "./bitcoind -daemon"
3. run "./bitcoind getinfo" until it starts returning data instead of errors
4. then run the script above.
|
|
|
|
Stephen Gornick
Legendary
Offline
Activity: 2506
Merit: 1010
|
|
June 05, 2012, 07:10:25 AM |
|
Less than a year ago: So why didn't we encrypt it up the wazoo and require that you type six passwords to unlock it? Well, two major reasons:
First, losing your wallet or forgetting your password is (arguably) as big a threat as theft. There is a reason every online service has some 'recover/reset lost password' feature.
- http://gavinthink.blogspot.com/2011/06/why-arent-bitcoin-wallets-encrypted.html
|
|
|
|
Revalin
|
|
June 05, 2012, 07:49:11 AM |
|
Here's an updated version which will try double substitutions. This is a large keyspace and will take a long time - figure about a month for a 30 character password at 10 guesses per second. Beyond there you'll have to use either riX's approach where you assume that fumbles will be to adjacent keys, or employ a GPU for more brute force.

    #!/usr/bin/ruby -w

    passphrase = "oops"

    def test(phrase)
      print phrase, "\t"
      system("./bitcoind", "walletpassphrase", phrase, "20")
      case $?.exitstatus
      when 0
        puts "Found it! #{phrase}"
        exit 0
      when 127
        puts "bitcoind not found in current dir"
        exit 1
      end
    end

    def scramble(passphrase)
      characters = " !\"\#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~"
      list = []

      # transpose adjacent chars
      (passphrase.length - 1).times do |i|
        testphrase = passphrase.dup
        testphrase[i] = passphrase[i+1]
        testphrase[i+1] = passphrase[i]
        list << testphrase
      end

      # delete one char
      passphrase.length.times do |i|
        testphrase = passphrase.dup
        testphrase = testphrase[0,i] + testphrase[(i+1)..-1]
        list << testphrase
      end

      # substitute one char
      passphrase.length.times do |i|
        characters.chars.each do |c|
          testphrase = passphrase.dup
          testphrase[i] = c
          list << testphrase
        end
      end

      # insert one char
      (passphrase.length + 1).times do |i|
        characters.chars.each do |c|
          testphrase = passphrase.dup
          testphrase.insert(i, c)
          list << testphrase
        end
      end

      return list.uniq
    end

    list1 = scramble(passphrase)
    list1.each { |i| test i }
    list1.each { |i| scramble(i).each { |j| test j }}

    puts "No luck."
    exit 1
|
|
|
|
riX
|
|
June 05, 2012, 07:52:50 AM |
|
characters = " !\"\#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~"
You might want to reorder that to make it find adjacent _keys_ on the keyboard, not adjacent letters in the alphabet. Edit: noticed you posted that just before.. When I get home from work I can post my script unless you have it figured out by then.
|
|
|
|
Revalin
|
|
June 05, 2012, 08:13:28 AM |
|
You might want to reorder that to make it find adjacent _keys_ on the keyboard, not adjacent letters in the alphabet.
Just reordering the string won't help. It would need to generate groups by adjacency, which will require a considerably more clever algorithm than the double-nested-loop exhaustive search above. By all means post it if you have one. I'm done for the day.
|
|
|
|
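An added example (not riX's script and not Revalin's code): one way to build the adjacency groups discussed above when recovering your own nearly-remembered passphrase. It assumes a US QWERTY layout; the constants and the functions `neighbors`, `slips` and `typo_candidates` are names made up for this sketch.

```ruby
# Added example. Assumption: US QWERTY layout, one string per keyboard row.
LAYERS = [
  ['`1234567890-=', 'qwertyuiop[]\\', "asdfghjkl;'", 'zxcvbnm,./'],  # unshifted
  ['~!@#$%^&*()_+', 'QWERTYUIOP{}|', 'ASDFGHJKL:"', 'ZXCVBNM<>?']    # shifted
].freeze
OFFSETS = [0, 6, 7, 9].freeze # horizontal stagger of each row, in quarter keys
KEY_WIDTH = 4

POS = {}   # char => [layer, row, x position]
SHIFT = {} # char => the same key with Shift toggled
LAYERS.each_with_index do |rows, layer|
  rows.each_with_index do |row, r|
    row.each_char.with_index do |c, i|
      POS[c] = [layer, r, OFFSETS[r] + KEY_WIDTH * i]
      SHIFT[c] = LAYERS[1 - layer][r][i]
    end
  end
end

# Keys touching `ch` on its own shift layer: same or next row, within one key width.
def neighbors(ch)
  layer, row, x = POS[ch]
  return [] if layer.nil? # space and other unmapped characters
  POS.select do |c, pos|
    c != ch && pos[0] == layer && (pos[1] - row).abs <= 1 && (pos[2] - x).abs <= KEY_WIDTH
  end.keys
end

# Phrases one slip away: an adjacent key hit, or Shift missed/held on the right key.
def slips(phrase)
  out = []
  phrase.each_char.with_index do |ch, i|
    (neighbors(ch) + [SHIFT[ch]].compact).each do |sub|
      out << phrase.dup.tap { |cand| cand[i] = sub }
    end
  end
  out.uniq
end

# Candidates within `max_slips` slips of the remembered phrase, nearest first.
def typo_candidates(phrase, max_slips = 1)
  seen = [phrase]
  frontier = [phrase]
  max_slips.times do
    frontier = frontier.flat_map { |p| slips(p) }.uniq - seen
    seen.concat(frontier)
  end
  seen.drop(1)
end
```

For "oops" this yields 28 single-slip candidates, against the 380 single substitutions the exhaustive character loop tries, which is what keeps two or three slips on a long passphrase tractable.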
dooglus
Legendary
Offline
Activity: 2940
Merit: 1333
|
|
June 05, 2012, 10:14:49 AM |
|
Any script authors or white hats interested in making a hundred BTC or so, send me a message.
I sent you a PM. I've since discovered that it's possible to test whether I've cracked your password without having any of your encrypted keys. If you can just give us your encrypted master key, the salt, the number of iterations, and your best guess at what you think the passphrase is, we can attempt to find a passphrase that decrypts the master key and know when we've done it, but without getting access to any of your funds. To get the information we need, get a copy of Gavin's bitcointools: https://github.com/gavinandresen/bitcointools and make the following change in wallet.py: - print("Master Key %d"%(d['nID']) + ": 0x"+ short_hex(d['crypted_key']) + - ", Salt: 0x"+ short_hex(d['salt']) + + print("Master Key %d"%(d['nID']) + ": 0x"+ long_hex(d['crypted_key']) + + ", Salt: 0x"+ long_hex(d['salt']) +
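Review bot: both replaced lines switch short_hex to long_hex unconditionally, so every run of dbdump.py --wallet now prints the full encrypted master key and salt. Those two values plus the iteration count are what a passphrase guess is tested against, so it would be better to put the full-length output behind an option and keep the truncated form as the default. The hunk also stops on a continuation `+`, so the remainder of the print call is not shown; check there whether the other fields need the same change.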
Then close bitcoin-qt and run:

    ./dbdump.py --wallet | grep Master.Key

from the bitcointools directory. It should print a single line, like this:

    Master Key 1: 0x47994851532eb7479886f5dc3c923df2d8a57d1f687d0d41808dee394b50259b209e587f677a3b69db1448ecb18e0d39, Salt: 0xa66b5e971bbd8106. Passphrase hashed 95913 times with method 0 with other parameters 0x

Using this, and bitcoin-qt's crypter.cpp, anyone can verify that the passphrase is 'abc'. But since nobody has a copy of the wallet I encrypted with 'abc', nobody has access to the coins in the wallet.
|
|
|
|
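The check dooglus describes, as an added example that is not code from bitcointools or from Bitcoin-Qt's crypter.cpp. It assumes that "method 0" is OpenSSL's EVP_BytesToKey with SHA-512 and that the master key is encrypted with AES-256-CBC; the function names and the constructed test vector are made up for this sketch.

```ruby
require 'digest'
require 'openssl'

# Added example. Assumptions: "method 0" = EVP_BytesToKey with SHA-512, and the
# master key is AES-256-CBC encrypted. PAGE_LINE is the sample line from the post.
PAGE_LINE = 'Master Key 1: 0x47994851532eb7479886f5dc3c923df2d8a57d1f687d0d41' \
            '808dee394b50259b209e587f677a3b69db1448ecb18e0d39, Salt: 0xa66b5e971bbd8106. ' \
            'Passphrase hashed 95913 times with method 0 with other parameters 0x'
LINE_RE = /Master Key \d+: 0x(\h+), Salt: 0x(\h+)\. Passphrase hashed (\d+) times with method (\d+)/

def parse_dump_line(line)
  m = LINE_RE.match(line) or return nil
  { crypted_key: [m[1]].pack('H*'), salt: [m[2]].pack('H*'),
    rounds: m[3].to_i, method: m[4].to_i }
end

# `rounds` passes of SHA-512 over passphrase+salt; bytes 0..31 = key, 32..47 = IV.
def cipher_for(mode, passphrase, salt, rounds)
  d = Digest::SHA512.digest(passphrase.b + salt.b)
  (rounds - 1).times { d = Digest::SHA512.digest(d) }
  c = OpenSSL::Cipher.new('aes-256-cbc').send(mode) # :encrypt or :decrypt
  c.key = d[0, 32]
  c.iv = d[32, 16]
  c
end

# Returns the 32-byte master key, or nil. A 32-byte key fills two AES blocks, so the
# third block is pure padding and a wrong guess fails the padding or length check.
def decrypt_master_key(guess, rec)
  c = cipher_for(:decrypt, guess, rec[:salt], rec[:rounds])
  plain = c.update(rec[:crypted_key]) + c.final
  plain.bytesize == 32 ? plain : nil
rescue OpenSSL::Cipher::CipherError
  nil
end

def passphrase_matches?(line, guess)
  rec = parse_dump_line(line)
  !rec.nil? && rec[:method].zero? && !decrypt_master_key(guess, rec).nil?
end

# Constructed test vector in the same line format (made-up master key and salt).
def constructed_line(passphrase, rounds = 1000)
  salt = ['0011223344556677'].pack('H*')
  c = cipher_for(:encrypt, passphrase, salt, rounds)
  ct = c.update("\x42" * 32) + c.final
  format('Master Key 1: 0x%s, Salt: 0x%s. Passphrase hashed %d times with method 0 ' \
         'with other parameters 0x', ct.unpack('H*').first, salt.unpack('H*').first, rounds)
end
puts "page sample opens with 'abc': #{passphrase_matches?(PAGE_LINE, 'abc')}" if __FILE__ == $0
```

Because the check needs nothing but that one line, whoever holds it can test guesses offline, so the line is only as safe to hand out as the passphrase is strong.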
ribuck
Donator
Hero Member
Offline
Activity: 826
Merit: 1060
|
|
June 05, 2012, 10:24:55 AM |
|
I don't suppose you have a backup from before you encrypted the wallet?
|
|
|
|
dooglus
Legendary
Offline
Activity: 2940
Merit: 1333
|
|
June 05, 2012, 10:26:00 AM |
|
I don't suppose you have a backup from before you encrypted the wallet?
Ha! That's the first thing I thought of when I saw this thread, but forgot it in all the technical details.
|
|
|
|
flatfly
Legendary
Offline
Activity: 1092
Merit: 1016
760930
|
|
June 05, 2012, 12:38:28 PM |
|
It may be worth trying to scan your hard disk for remnants of deleted copies of the wallet. To do that, I highly recommend the portable version of Recuva. It's very simple to use. If you're lucky, you could find one that is unencrypted (until recently, Bitcoin-Qt had a bug that sometimes left the wallet file partially unencrypted on the hard disk). Enable deep scan mode, and look for any recoverable DAT files that are similar in size to your wallet file.
|
|
|
|
interlagos
|
|
June 05, 2012, 01:02:45 PM |
|
Since you mistyped it twice it's unlikely that you made the same mistake. I would check the version with inversed capitalization in case you had CapsLock On and didn't notice. Or if you have multiple languages on your computer try changing the language.
|
|
|
|
payb.tc
|
|
June 05, 2012, 11:03:04 PM |
|
Since you mistyped it twice it's unlikely that you made the same mistake.
that's what i would have normally thought, but as i mentioned, a bad keyboard can easily have that effect.
|
|
|
|
malaimult
|
|
June 06, 2012, 03:58:52 AM |
|
i can point you to some Russian forums, they are very good in this kind of encryption mysql injection etc, but i don't know how you stay with russian language. someone helped me with a bigger problem in the past
|
|
|
|
riX
|
|
June 15, 2012, 01:17:15 PM |
|
Problem solved...
|
|
|
|
interlagos
|
|
June 15, 2012, 02:06:02 PM |
|
Problem solved...
What was it? We are curious!
|
|
|
|
riX
|
|
June 15, 2012, 03:43:03 PM |
|
He had indeed mistyped the password, but I cracked it.. 52 char pwds are not always good, easy to mistype =)
|
|
|
|
|