
Topic: BIP 038 Bug - page 2. (Read 2540 times)

sr. member
Activity: 337
Merit: 250
May 01, 2014, 09:07:05 AM
#29
http://www.walletrecoveryservices.com/

If the amount is significant to you, give this guy a try.
donator
Activity: 1736
Merit: 1014
Let's talk governance, lipstick, and pigs.
May 01, 2014, 06:57:17 AM
#28

always make sure you have actual private keys and test them.
I am certain I tested it. The pw wasn't complex. I only wrote a hint because that's all I needed after testing it. We'll see someday if anyone else had this happen. Like I said though I may have been tricked into thinking I verified the pw because the older versions of bitaddress.org will sometimes just randomly pop up a bitcoin key pair. I should have double tested it but who does that? They usually ask you to enter the pw twice when you create them.
donator
Activity: 1218
Merit: 1079
Gerald Davis
May 01, 2014, 03:16:32 AM
#27
BIP38 uses scrypt to hash the password. Scrypt ASICs have been out for a few months now and faster devices are released all the time. Soon scrypt hashing will be very fast and someone will be able to brute force your keys for you.

That is completely wrong.

First Litecoin et al used a crippled version of scrypt making it many orders of magnitude less memory hard. Before the history of Litecoin was revised it was designed to be anti-GPU because GPU farms were going to kill Bitcoin. However it turns out the parameters chosen were "accidentally" too weak and it allowed GPU cache to be used very effectively. BIP38 is designed to actually be memory hard.

Litecoin Scrypt parameters: n = 1024; p = 1; r = 1;
BIP38 Scrypt parameters: n = 16384; p = 8; r = 8;

Still even if BIP38 used the gimped parameters selected for Litecoin the ASICs would be next to useless. Mining ASICs are heavily optimized to only be effective at mining. They only hash block headers and they internally increment the nonce so that 4 billion hashes are computed for a given partial block header. This makes them beyond useless for password cracking.

BIP38 is the real deal.  Brute forcing is essentially impossible although in the OP case the fact that he may have a partial password means that a permutation attack may be effective but even that really depends on how different the remembered password and actual password are.  If it is a significant deviation it may be infeasible, Scrypt is that tough to crack (except when gimped to create a "CPU only POW which turns out it is GPU capable but turns out that is ok because ASICs are the real threat and ASIC Scrypts will never be possible except they are so it served no purpose except maybe to people who figured out it wasn't as memory hard as claimed early on").
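
Added example (not part of the original post and not bitaddress.org's code): it compares the two scrypt parameter sets quoted above by table size, relative work and measured time per key derivation on the local machine. The 4-byte salt and the guess strings are constructed; the NFC-normalised UTF-8 passphrase and 64-byte output follow the BIP38 specification.

```python
import hashlib
import time
import unicodedata

# Parameter sets quoted in the post above.
LITECOIN = {"n": 1024, "r": 1, "p": 1}
BIP38 = {"n": 16384, "r": 8, "p": 8}


def scrypt_cost(n, r, p):
    """Return (bytes in scrypt's big lookup table, relative work units)."""
    # The table holds n blocks of 128*r bytes; its size is what makes scrypt
    # memory hard. Total block-mixing work grows with n * r * p.
    return 128 * r * n, n * r * p


def derive(passphrase, salt, n, r, p):
    """Derive a 64-byte key from an NFC-normalised UTF-8 passphrase."""
    pw = unicodedata.normalize("NFC", passphrase).encode("utf-8")
    return hashlib.scrypt(pw, salt=salt, n=n, r=r, p=p,
                          maxmem=64 * 1024 * 1024, dklen=64)


def seconds_per_guess(params, salt, rounds=3):
    """Measure the wall-clock cost of one derivation (single thread)."""
    start = time.perf_counter()
    for i in range(rounds):
        derive(f"constructed-guess-{i}", salt, **params)
    return (time.perf_counter() - start) / rounds


if __name__ == "__main__":
    # Constructed salt; in BIP38 this slot holds the 4-byte address hash.
    salt = bytes.fromhex("01020304")
    for name, params in (("Litecoin", LITECOIN), ("BIP38", BIP38)):
        mem, work = scrypt_cost(**params)
        cost = seconds_per_guess(params, salt)
        print(f"{name:8s} table={mem // 1024:>6d} KiB  work={work:>8d}  "
              f"{cost * 1000:8.2f} ms/guess  "
              f"1e6 guesses ~ {cost * 1e6 / 3600:8.2f} h")
```

The BIP38 set needs a 16 MiB table per derivation against 128 KiB for the Litecoin set, and 1024 times the mixing work, which is the gap the post describes.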



legendary
Activity: 2660
Merit: 1023
May 01, 2014, 01:50:53 AM
#26
This encryption feature should be removed from all software until the bugs are worked out. I created a set of wallets with an easy to remember password in January 2014 and now it doesn't work. I tested the password to decrypt one of the wallets before loading them. Now I cannot recover them. I have a feeling this will be a problem for a lot of people that think their BIP 038 wallets are secure.

Edit:
Win7
Either Chrome, Mozilla, or Explorer (can't recall which I used) but probably Chrome
It was Bitaddress.org saved to my drive either v2.8.1 or 2.5.1 but probably the newer
I didn't write down the exact PW, but wrote down a hint to it.

I hope this isn't a bug and is merely human error. It will be much easier to fix that way.

always make sure you have actual private keys and test them.
donator
Activity: 1736
Merit: 1014
Let's talk governance, lipstick, and pigs.
May 01, 2014, 01:09:31 AM
#25
Check out this commit: https://github.com/pointbiz/bitaddress.org/commit/4f11d4fb62eff5421f56b28dc9cbfd332a22a9c4

It implies that you used to be able to make a BIP038 wallet with an empty passphrase. Why don't you try removing the check for an empty passphrase and see if that works.
Thanks for the suggestion. I removed that bit of code, but still got the incorrect passphrase alert when I tried to decrypt. I've spent over 20 hours casually trying to manually brute force my simple pw. It was a keyboard peck type pw similar to qwerty only longer.
cp1
hero member
Activity: 616
Merit: 500
Stop using branwallets
April 25, 2014, 12:52:13 PM
#24
U should also use the same os and browser version
If that were the case, then a lot of people will be surprised one day when their wallets won't open.

There actually was a bug for a while where a version of Safari was giving different encryption than every other browser.
donator
Activity: 1736
Merit: 1014
Let's talk governance, lipstick, and pigs.
April 25, 2014, 12:49:13 PM
#23
U should also use the same os and browser version
If that were the case, then a lot of people will be surprised one day when their wallets won't open.
legendary
Activity: 3724
Merit: 1586
April 25, 2014, 12:14:40 PM
#22
No, my brain wallets are much more complex. This was the kind of pw most websites would reject as too simple except for adding the salt. With BIP 38 you need the private encrypted key, so there wasn't the need for a tough pw. I am perplexed and befuddled. I still think it may have been a possible bug in which case I will need help someday.

BIP38 uses scrypt to hash the password. Scrypt ASICs have been out for a few months now and faster devices are released all the time. Soon scrypt hashing will be very fast and someone will be able to brute force your keys for you. In the meantime you would do well to get a notebook and write down everything you remember about your password. The more info you have the better the chances of cracking it.

The existence of ASICs for scrypt-mining has little to no effect on the strength of scrypt as a password-hashing-function. Mining ASICs perform a very specific operation on a very specific input-format and they can't be reconfigured to go password cracking. SHA-256 is being used to hash passwords across the globe, but we haven't seen the Bitcoin miners switch their equipment to crack some passwords. For the simple reason that it is impossible. You'd need a different device for it.

I see. I didn't know that. My mistake.
hero member
Activity: 784
Merit: 1000
https://youtu.be/PZm8TTLR2NU
April 25, 2014, 11:17:53 AM
#21
full member
Activity: 210
Merit: 100
April 25, 2014, 11:03:15 AM
#20
U should also use the same os and browser version
full member
Activity: 210
Merit: 100
April 25, 2014, 11:02:18 AM
#19
Try again like 10 times. Some ppl reported it works after trying a couple times
hero member
Activity: 728
Merit: 500
April 25, 2014, 10:50:57 AM
#18
No, my brain wallets are much more complex. This was the kind of pw most websites would reject as too simple except for adding the salt. With BIP 38 you need the private encrypted key, so there wasn't the need for a tough pw. I am perplexed and befuddled. I still think it may have been a possible bug in which case I will need help someday.

BIP38 uses scrypt to hash the password. Scrypt ASICs have been out for a few months now and faster devices are released all the time. Soon scrypt hashing will be very fast and someone will be able to brute force your keys for you. In the meantime you would do well to get a notebook and write down everything you remember about your password. The more info you have the better the chances of cracking it.

The existence of ASICs for scrypt-mining has little to no effect on the strength of scrypt as a password-hashing-function. Mining ASICs perform a very specific operation on a very specific input-format and they can't be reconfigured to go password cracking. SHA-256 is being used to hash passwords across the globe, but we haven't seen the Bitcoin miners switch their equipment to crack some passwords. For the simple reason that it is impossible. You'd need a different device for it.
legendary
Activity: 1764
Merit: 1002
April 25, 2014, 10:24:03 AM
#17
Soon scrypt hashing will be very fast and someone will be able to brute force your keys for you.


Really?  any sources for that?

if true, there's going to be a lot of surprised ppl who assumed this would stand the test of time.
legendary
Activity: 3724
Merit: 1586
April 25, 2014, 09:40:21 AM
#16
No, my brain wallets are much more complex. This was the kind of pw most websites would reject as too simple except for adding the salt. With BIP 38 you need the private encrypted key, so there wasn't the need for a tough pw. I am perplexed and befuddled. I still think it may have been a possible bug in which case I will need help someday.

BIP38 uses scrypt to hash the password. Scrypt ASICs have been out for a few months now and faster devices are released all the time. Soon scrypt hashing will be very fast and someone will be able to brute force your keys for you. In the meantime you would do well to get a notebook and write down everything you remember about your password. The more info you have the better the chances of cracking it.

Oh and if you want to try and get it bruteforced today you can consider this guy's services:

https://bitcointalksearch.org/topic/bitcoin-wallet-recovery-services-for-forgotten-wallet-password-240779


legendary
Activity: 1204
Merit: 1002
RUM AND CARROTS: A PIRATE LIFE FOR ME
April 24, 2014, 03:57:15 PM
#15
Honestly I think this sounds like user error. Which should be somewhat comforting as you seem like you know a good starting point from which to brute force the password. This is exactly the sort of situation my device I hope will help solve.

https://bitcointalk.org/index.php?topic=566626.80
donator
Activity: 1736
Merit: 1014
Let's talk governance, lipstick, and pigs.
April 24, 2014, 03:15:13 PM
#14
It was my most commonly used pw for sites I don't care about with one added salt. I have a few variations, but not many. It was such an easy pw that it was the only one I didn't bother to write it down precisely. I did test it as well before loading the bitcoins.
Is it one of your bible codes?
No, my brain wallets are much more complex. This was the kind of pw most websites would reject as too simple except for adding the salt. With BIP 38 you need the private encrypted key, so there wasn't the need for a tough pw. I am perplexed and befuddled. I still think it may have been a possible bug in which case I will need help someday.
legendary
Activity: 1400
Merit: 1013
April 24, 2014, 03:04:54 PM
#13
It was my most commonly used pw for sites I don't care about with one added salt. I have a few variations, but not many. It was such an easy pw that it was the only one I didn't bother to write it down precisely. I did test it as well before loading the bitcoins.
Is it one of your bible codes?
donator
Activity: 1736
Merit: 1014
Let's talk governance, lipstick, and pigs.
April 24, 2014, 02:22:17 PM
#12
I noticed bitcoinaddress v2.5.1 wallet details tab occasionally pops up a new address. It might have fooled me into thinking I verified the pw. No worries.
donator
Activity: 1736
Merit: 1014
Let's talk governance, lipstick, and pigs.
April 24, 2014, 01:10:11 PM
#11
Well anyway. If I don't recover the PW, perhaps I'll hire someone to brute force crack it.
donator
Activity: 1736
Merit: 1014
Let's talk governance, lipstick, and pigs.
April 24, 2014, 12:59:59 PM
#10
I didn't write down the exact PW, but wrote down a hint to it.



could this be the problem?
It was my most commonly used pw for sites I don't care about with one added salt. I have a few variations, but not many. It was such an easy pw that it was the only one I didn't bother to write it down precisely. I did test it as well before loading the bitcoins.