Bitcoin Forum
July 05, 2024, 11:07:17 AM *
Author Topic: Tool to brute-force offline armory password?  (Read 3098 times)
jl2012
February 05, 2015, 04:38:45 AM
 #21

Don't, under any circumstances, accept to receive his wallet and password info in the unlikely event that he changes his mind.  With this attitude, you can only get trouble from it; and if something bad later happens you will most likely be blamed.  If he thinks that losing the btc is better than giving you a chance to help him, but also a chance to steal his btc if you are dishonest, then he is more mistrusting than most (to put it politely).

I thought about bringing this up earlier as a general threat vector (i.e., I'm not saying the OP would do this), but yes, this is one reason why people don't like handling private user/customer data. What are the chances that the user will turn around and make false/inaccurate claims? The blockchain and the various analytics make it easy to concoct a story where the evil Armory developer (or hacker breaking into an Armory computer) swept the wallet into their own wallet. It's a huge Pandora's Box that many people would prefer not to touch in the first place. Providing the recovery script is a good compromise for people who have the technical chops to use it. Everybody else? Frankly, in some ways, we're taking as much of a risk as they are in sending us their data, if not more so.

Instead of directly encrypting the private key with the user passcode, we could encrypt the private key with a long random key, which is encrypted with the user passcode. When a user forgot the passcode, he may pay other people to brute-force the random key, without the risk of losing bitcoin.

btchris

a.k.a. gurnec on GitHub


February 06, 2015, 12:52:56 AM
 #22

I've written (and have been improving I hope) a password recovery tool for a while now, and it includes support for Armory (that was the first wallet it supported as a matter of fact). You can find it here (it's open source): https://github.com/gurnec/btcrecover; the quick start is here: https://github.com/gurnec/btcrecover/blob/master/TUTORIAL.md#btcrecover-tutorial

Although it's not the easiest to use, it is fairly well documented, and it doesn't require that you send your wallet information to anyone else if that's a problem (if you run it offline, of course).

It's also probably faster than any alternative -- it's multi-threaded, so if you have a quad-core CPU, it'll run about four times faster than most alternatives. It also supports GPU-accelerated searches, although it's not very effective on that front for Armory.*

Quote from: jl2012
Instead of directly encrypting the private key with the user passcode, we could encrypt the private key with a long random key, which is encrypted with the user passcode. When a user forgot the passcode, he may pay other people to brute-force the random key, without the risk of losing bitcoin.

That would be excellent. Of all of the wallets currently supported by btcrecover, Armory is the only one where I couldn't find a way to extract enough information from a wallet file to test for passwords without putting funds at risk.

Armory encodes private keys as 32-bit blobs with no padding (which is not a weakness by any means, just an inconvenience when it comes to this particular task). Every other wallet I've encountered so far offers some form of "trick" that allows me to extract only a portion of a private key (or a hash thereof) for password testing purposes. For example, many wallets add PKCS7 padding to the end, which allows me to extract just 16 bytes of key material (50%) plus the (useless) 16-byte padding in order to search for passwords. Others encode their passwords in hex or base58 prior to encryption, which allows a similar trick of extracting only a portion of any private key/seed material. It's not that Armory is inferior for being more concise (by not including padding and by using binary instead of unnecessary encoding) -- it's just that it's the only wallet I've encountered so far where you need an entire private key to test for password validity.**



* It depends a whole lot on your GPU memory size and the KDF parameters used during wallet creation to determine whether or not GPU-based acceleration can help in password searches. Armory's excellent use of ROMix makes GPU acceleration hard (even with btcrecover's time-space tradeoff), so a GPU might help by a factor of 5x or so, or it might not help at all....

** which in combination with the (unencrypted) chaincode and master public key does put funds at risk

goatpig

Armory Developer


February 06, 2015, 01:04:45 AM
 #23

Quote from: jl2012
Instead of directly encrypting the private key with the user passcode, we could encrypt the private key with a long random key, which is encrypted with the user passcode. When a user forgot the passcode, he may pay other people to brute-force the random key, without the risk of losing bitcoin.

New wallets do use master key encryption. Again, all this is possible and implemented... in the new wallets =P. Alas, the issue at hand is with the current wallets.
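
The two-layer scheme jl2012 proposes and goatpig refers to as master key encryption, as an added sketch that is not part of the thread and is not Armory's or btcrecover's code. Assumptions: scrypt stands in for Armory's ROMix KDF, an HMAC-SHA256 keystream plus tag stands in for a real authenticated cipher such as AES-GCM, and all function and field names are hypothetical.

```python
import hashlib, hmac, os

def kdf(passphrase: str, salt: bytes) -> bytes:
    # Memory-hard KDF (assumed stand-in for ROMix); parameters are illustrative.
    return hashlib.scrypt(passphrase.encode(), salt=salt, n=2**12, r=8, p=1, dklen=32)

def seal(key: bytes, secret32: bytes) -> bytes:
    # Toy authenticated encryption of a 32-byte secret: nonce || ciphertext || tag.
    nonce = os.urandom(16)
    stream = hmac.new(key, b"enc" + nonce, hashlib.sha256).digest()
    ct = bytes(a ^ b for a, b in zip(secret32, stream))
    tag = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unseal(key: bytes, blob: bytes):
    # Returns the 32-byte secret, or None when the key is wrong or the blob was altered.
    nonce, ct, tag = blob[:16], blob[16:48], blob[48:]
    expected = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    stream = hmac.new(key, b"enc" + nonce, hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(ct, stream))

def create_wallet(passphrase: str, private_key: bytes) -> dict:
    salt, master_key = os.urandom(16), os.urandom(32)
    return {
        "salt": salt,
        # Layer 1: the passphrase-derived key protects only the random master key.
        "wrapped_master": seal(kdf(passphrase, salt), master_key),
        # Layer 2: the random master key protects the private key.
        "encrypted_privkey": seal(master_key, private_key),
    }

def recovery_blob(wallet: dict) -> dict:
    # All a helper needs to test passphrases; no private-key material is included.
    return {"salt": wallet["salt"], "wrapped_master": wallet["wrapped_master"]}

def try_passphrase(blob: dict, guess: str):
    # Helper side: returns the master key for a correct guess, otherwise None.
    return unseal(kdf(guess, blob["salt"]), blob["wrapped_master"])

def unlock(wallet: dict, master_key: bytes):
    # Owner side: only the full wallet file can turn the master key into the private key.
    return unseal(master_key, wallet["encrypted_privkey"])
```

Whoever runs the search learns the passphrase and the master key, so the wallet file itself must still never leave the owner's machine, and moving the funds to a fresh wallet after recovery is prudent.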

Bluengold341
June 03, 2017, 09:37:12 PM
 #24

what if you're not sure at all where to start?
Bluengold341
June 04, 2017, 01:08:39 PM
 #25

what if you're not sure at all where to start?
anyone? i'm willing to share
goatpig

Armory Developer


June 04, 2017, 02:24:22 PM
 #26

It's not that simple. Armory's KDF is brutal, brute forcing a password without any hint is basically impossible.
