Out of curiousity, and I think it's relevant here, what sort of encryption does bitcoin-core use to encrypt wallets? I would guess that it's going to be something in the aes suite. I guess I'm just imagining if I had to make a cracker for my own wallet, what would I put in the shell script. Here's pseudocode:
So, really, I have two questions? What's the encryption algo? And what's the test for success?
Code:
for guess in guesses.next(); do
# run some command to try decryption
openssl -d ?? -i wallet.dat.encrypted
# test for success, maybe just $?, or is there a magic number in wallet.dat to look for
if $?==0; then
echo "we win!"
break
done
# run some command to try decryption
openssl -d ?? -i wallet.dat.encrypted
# test for success, maybe just $?, or is there a magic number in wallet.dat to look for
if $?==0; then
echo "we win!"
break
done
So, really, I have two questions? What's the encryption algo? And what's the test for success?
Depending on your python you should find the answer here -> https://github.com/gurnec/btcrecover
Quote
Wallet encryption uses AES-256-CBC to encrypt only the private keys that are held in a wallet. The keys are encrypted with a master key which is entirely random. This master key is then encrypted with AES-256-CBC with a key derived from the passphrase using SHA512 and OpenSSL's EVP_BytesToKey and a dynamic number of rounds determined by the speed of the machine which does the initial encryption (and is updated based on the speed of a computer which does a subsequent passphrase change). Although the underlying code supports multiple encrypted copies of the same master key (and thus multiple passphrases) the client does not yet have a method to add additional passphrases.
https://en.bitcoin.it/wiki/Wallet_encryption
Thanks, Shorena, it definitely seems to be a lot more complex than just descrypting the wallet file. You may be right that the specific question I'm curious about is answered somewhere in the source for the btcrecover tool (thanks for the link!). Just looking at that paragraph from the bitcoin wiki, I'm imagining that you know the passphrase (say), so you'd hash it with sha512 and you'd have to see what this EVP_BytesToKey gives you, then you'd have to gues at how many rounds might have been used? After that I guess you have the "master key" and you can use that to decrypt individual private keys with AES-256-CBC. There must be somewhere that you can tell how many rounds have been used. Anyway, to be clear, I don't need to do this right now, I'm just curous about the procedure.
AFAIK the number of rounds is stored in the wallet.dat. Its not meant to be secret anyway, similar to a salt. Do you look at the wallet.dat with pywallet?
That makes sense, I figured it ought to be stored there. I haven't looked at any particular wallet in this moment, I was just interested in it for the principle---the education. I'll take a closer look for myself before I ask any further questions. Thanks Sho.
