
Topic: decryption of wallet - page 2. (Read 743 times)

legendary
Activity: 2268
Merit: 18587
October 06, 2022, 05:16:26 AM
#34
What I'm talking about is someone that generates paper wallets using something like bitaddress. Do they need to check every single address or just a few of them and then as long as those check out, they can assume bitaddress works correctly so there is no further need to keep checking newly generated addresses. I would think "yes" with a few caveats but in general "yes".
Up to the individual, probably. You need to differentiate between whether you are checking for accuracy or checking for maliciousness. If your copy of bitaddress generates one address accurately, then you can be pretty sure if it is non-malicious then it will generate all addresses accurately. However, a malicious piece of software may generate one or two addresses accurately and then start generating fake addresses.

However, given that any malicious software could generate addresses from predetermined seed phrases or private keys which are known to an attacker, then testing them in this manner does not protect against attack. That can only be done by reviewing the source code.
sr. member
Activity: 1036
Merit: 350
October 05, 2022, 11:04:58 PM
#33

No. They would realize letting larry_vw_1955 touch their wallet was a big mistake Cheesy
letting anyone touch their wallet might be a big mistake  Grin

Quote
Example: you use a hardware wallet, with Electrum. When you create a new deposit address, you should confirm the address on the hardware wallet. It's not about trusting Electrum, you're using a hardware wallet so that you don't have to. Whatever happens to your software, you want to know for sure your funds are going to your own address.
yeah that's a different usage scenario but consider this: i got a cheap hardware wallet long time ago (or rather, a hardware wallet that was on sale for very cheap, how about that?) but never trusted it enough to actually want to use it. i'd rather use software or paper wallets than use something that I don't fully understand. i tried to understand it but it seemed very confusing and i wasn't sure what it relied on like what company's servers to send and receive transactions and what software would need to be installed on my computer, etc etc not really worth the time and effort to try and figure it out.


Quote from: o_e_l_e_o
Absolutely. Which goes back to the original point of testing your back up with different software. What if you accidentally, either through user error or bugged software, created a wallet using some crazy derivation path with 200+ levels, did not test your recovery, and then loaded it with funds? You now have a useless seed phrase back up securing coins in a derivation path you would never find again, all while being completely unaware of that fact.

Well, maybe my initial question was misunderstood. What I'm talking about is someone that generates paper wallets using something like bitaddress. Do they need to check every single address or just a few of them and then as long as those check out, they can assume bitaddress works correctly so there is no further need to keep checking newly generated addresses. I would think "yes" with a few caveats but in general "yes".
legendary
Activity: 2268
Merit: 18587
October 05, 2022, 03:54:20 AM
#32
I would love to put their funds on some derivation path 240 levels deep and see how they felt about it then. They would probably never find their funds.
Absolutely. Which goes back to the original point of testing your back up with different software. What if you accidentally, either through user error or bugged software, created a wallet using some crazy derivation path with 200+ levels, did not test your recovery, and then loaded it with funds? You now have a useless seed phrase back up securing coins in a derivation path you would never find again, all while being completely unaware of that fact.

Example: you use a hardware wallet, with Electrum. When you create a new deposit address, you should confirm the address on the hardware wallet. It's not about trusting Electrum, you're using a hardware wallet so that you don't have to. Whatever happens to your software, you want to know for sure your funds are going to your own address.
This is a slightly different issue. When I check my back ups, I only ever check the first addresses. That is enough for me to be sure that I am using the right seed phrase at the right derivation path with the right script type to reproduce the wallet again in the future. When I check each new Electrum address on the screen of my hardware wallet, I am checking that my computer or my Electrum install has not been infected with malware or subjected to some other malicious attack which results in it displaying an incorrect address.
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
October 05, 2022, 03:27:35 AM
#31
Quote from: o_e_l_e_o
I would wager that the majority of people don't even know what a derivation path is.
I would love to put their funds on some derivation path 240 levels deep and see how they felt about it then. They would probably never find their funds. Then they would realize that knowing their derivation path is just as important
No. They would realize letting larry_vw_1955 touch their wallet was a big mistake Cheesy
I've seen problems caused by weird derivation paths, but as long as it's created by known software, you can probably find the derivation path by searching the internet.
If you use Electrum, you can be pretty sure you can recover the funds from your seed words without understanding anything else.

Quote
Quote from: LoyceV
I checked only the first few addresses indeed. You now make me feel sloppy for not testing the first 100.
If you really feel you need to check the first 100 then I would humbly suggest you have a trust issue with whatever software you are using and probably should ask yourself why you distrust it so much.
Example: you use a hardware wallet, with Electrum. When you create a new deposit address, you should confirm the address on the hardware wallet. It's not about trusting Electrum, you're using a hardware wallet so that you don't have to. Whatever happens to your software, you want to know for sure your funds are going to your own address.
sr. member
Activity: 1036
Merit: 350
October 04, 2022, 09:38:37 PM
#30
Quote from: o_e_l_e_o
I would wager that the majority of people don't even know what a derivation path is.
I would love to put their funds on some derivation path 240 levels deep and see how they felt about it then. They would probably never find their funds. Then they would realize that knowing their derivation path is just as important as knowing their seed phrase - well almost. Just like you need an ID to make a withdrawal at your bank, you need your derivation path...well you MIGHT need it sometime. If you ever go to the bank that is!

Quote from: LoyceV
I checked only the first few addresses indeed. You now make me feel sloppy for not testing the first 100.

If you really feel you need to check the first 100 then I would humbly suggest you have a trust issue with whatever software you are using and probably should ask yourself why you distrust it so much. Software that works shouldn't need to be doublechecked all the time. Unless you wrote it yourself, then you might want to run more extensive tests. But not every time you generate an address. There should be some level of trust in the functionality that you say " i know it worked because i did unit tests with 100 different addresses so I'll trust what it generates for me going forward". otherwise it's not software, it is just a crutch. using it as a crutch with something else. Angry
legendary
Activity: 2268
Merit: 18587
October 04, 2022, 04:51:08 AM
#29
Surely there are android bitcoin wallets that adhere to standards like bip39. and are open source but the best bet is dont use android wallets period. you can't really trust them.
Of course, but the point we are making is that some people don't do that. And even if you do only use reputable, open source wallets, have you scanned every single line of code to make sure it is doing what you think it is doing? Doubtful. And even if you do, you cannot be 100% sure that you have not made a mistake when writing down your seed phrase or similar unless you test your back ups. There is literally no reason to not test your back ups before you fund the wallet.

what kind of person puts their money into some wallet without knowing what derivation path is being used though?
I would wager that the majority of people don't even know what a derivation path is.

you have to ask yourself why you would use something other than a trezor or nano though.
Again, I won't, but lots of people do.

So you test every single address or just one address and if that one works, you consider it "good to go" for any further addresses without checking them.
Checking the first address matches is sufficient. The chance of a different seed phrase or incorrect back up generating the same first address is essentially zero.
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
October 04, 2022, 03:54:29 AM
#28
what kind of person puts their money into some wallet without knowing what derivation path is being used though?
If I have to guess: 98% of all Bitcoin users who don't keep their coins on an exchange.

Quote
So if you tested it with a particular address and it worked, then you can generate new addresses and not need to test those right? because you trust the software works since it worked with that one particular address that one time. just trying to clarify.
I checked only the first few addresses indeed. You now make me feel sloppy for not testing the first 100.
sr. member
Activity: 1036
Merit: 350
October 03, 2022, 10:07:07 PM
#27

The example I gave of Bread wallet is absolutely software which runs on your own device. Another example would maybe be Schildbach's bitcoin wallet, which does not use seed phrases but its own unique encrypted back ups which can only be recovered using the same software.
Surely there are android bitcoin wallets that adhere to standards like bip39. and are open source but the best bet is dont use android wallets period. you can't really trust them.

Quote
The point here is that Bread wallet didn't tell its users what derivation path was being used. Many wrongly assumed it was the standard BIP 44/49/84 paths, but because they never tested their recovery using independent software (as we are advocating here), they never found out they were wrong until they couldn't access their coins.

what kind of person puts their money into some wallet without knowing what derivation path is being used though?


Quote
Not only are plenty of people still using non-standard formats, but there are plenty more still in development, such as Block's new hardware device, which will not use seed phrases and be completely dependent on Block for recovery.
you have to ask yourself why you would use something other than a trezor or nano though. as far as I have seen most of these new hardware wallets that come out are overpriced and not nearly as well tested as trezor or nano, how could they be ? they are new! only way i would use one of these things is if they gave it to me for free but no way am i buying one.  Cool

Quote from: LoyceV
Correct. One of the reasons for testing in the first place is peace of mind: I know I can decrypt it.
So if you tested it with a particular address and it worked, then you can generate new addresses and not need to test those right? because you trust the software works since it worked with that one particular address that one time. just trying to clarify.

Quote
For what it's worth: so far, all my testing always confirmed what I was hoping to see. But without testing, I wouldn't know that for sure.
So you test every single address or just one address and if that one works, you consider it "good to go" for any further addresses without checking them.
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
October 03, 2022, 03:51:16 AM
#26
The point here is that Bread wallet didn't tell its users what derivation path was being used. Many wrongly assumed it was the standard BIP 44/49/84 paths, but because they never tested their recovery using independent software (as we are advocating here), they never found out they were wrong until they couldn't access their coins.
I even tested recovering my hardware wallet before funding it: I used Ian Coleman's site (obviously on an air-gapped system, running live Linux from RAM) to see if I could reproduce the same addresses as my hardware wallet showed.
For what it's worth: so far, all my testing always confirmed what I was hoping to see. But without testing, I wouldn't know that for sure.
legendary
Activity: 2268
Merit: 18587
October 03, 2022, 03:39:21 AM
#25
The examples you give below of blockchain.com and coinbase are poor examples since they are not software, rather they are services.
The example I gave of Bread wallet is absolutely software which runs on your own device. Another example would maybe be Schildbach's bitcoin wallet, which does not use seed phrases but its own unique encrypted back ups which can only be recovered using the same software.

well, the link you provided has to do with the breadwallet to coinbase migration situation. if someone doesn't keep track of the derivation path their funds are on then that is a big mistake on their part. but it doesn't mean the software doesn't work.
The point here is that Bread wallet didn't tell its users what derivation path was being used. Many wrongly assumed it was the standard BIP 44/49/84 paths, but because they never tested their recovery using independent software (as we are advocating here), they never found out they were wrong until they couldn't access their coins.

hopefully these days people are only using standard bitcoin formats not proprietary. there's really no reason for using proprietary formats otherwise they might end up being an avid reader of your thread there. Shocked
Not only are plenty of people still using non-standard formats, but there are plenty more still in development, such as Block's new hardware device, which will not use seed phrases and be completely dependent on Block for recovery.
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
October 03, 2022, 03:27:36 AM
#24
It is always smart to test your back up or private keys with different software.
but once you tested it once, you don't need to test it again right?
Correct. One of the reasons for testing in the first place is peace of mind: I know I can decrypt it.

Quote
hopefully these days people are only using standard bitcoin formats
I'm not as optimistic as you are Wink
sr. member
Activity: 1036
Merit: 350
October 02, 2022, 09:19:56 PM
#23
What if the software I used uses a non-standard encryption and it turns out I can only decrypt it with that software? Then, 20 years later, I can't find it anymore.
There is already precedent for this.
The examples you give below of blockchain.com and coinbase are poor examples since they are not software, rather they are services. To really make the point, we should be sticking to software that one runs on one's computer to generate bitcoin addresses not services they log into and use. There is a distinction between the two things which should not be overlooked or glossed over.

And that's without even mentioning bugged, flawed, or malicious software, which might not derive the correct keys like you think it is doing.
well yeah that can happen but with bitaddress? how about some links.

Quote
It is always smart to test your back up or private keys with different software.
but once you tested it once, you don't need to test it again right? as long as nothing changes like upgrading the software.

Quote from: LoyceV
I've already seen many people who had a hard time recovering their old storage format. I even created [overview] Recover Bitcoin from any old storage format for it, but it's far from complete.
hopefully these days people are only using standard bitcoin formats not proprietary. there's really no reason for using proprietary formats otherwise they might end up being an avid reader of your thread there. Shocked
legendary
Activity: 2268
Merit: 18587
October 02, 2022, 04:29:03 AM
#22
What if the software I used uses a non-standard encryption and it turns out I can only decrypt it with that software? Then, 20 years later, I can't find it anymore.
There is already precedent for this. Blockchain.com, for example, used to give out recovery phrases which were not BIP39 phrases, but rather simply to recover access to wallet files on their platform if users had forgotten their passwords. Now, many years later, although they claim to still support these phrases many users find themselves unable to recover their wallets. Another example is Coinbase, which used to run multi-sig vaults, have discontinued their support of them, and users can no longer recover access to their funds despite possessing the necessary back ups. Even something as simple as a wallet using a non-standard derivation path is enough to cause huge amounts of problems trying to recover your coins. And that's without even mentioning bugged, flawed, or malicious software, which might not derive the correct keys like you think it is doing.

It is always smart to test your back up or private keys with different software.
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
October 02, 2022, 03:37:02 AM
#21
why does it need to be different software than you used to create it?
I like being thorough Smiley What if the software I used uses a non-standard encryption and it turns out I can only decrypt it with that software? Then, 20 years later, I can't find it anymore.
I've already seen many people who had a hard time recovering their old storage format. I even created [overview] Recover Bitcoin from any old storage format for it, but it's far from complete.
sr. member
Activity: 1036
Merit: 350
October 01, 2022, 07:24:06 PM
#20

I don't think they can help it much when printing from a browser. This is one of the many reasons I test my backup before funding it. By manually typing the key and decrypting it with different software than you used to create it, you know you can decrypt it later. If your test fails, you know not to fund it. (of course, all this should be done off-line, running a Live Linux from RAM).

that's a pretty good idea but why does it need to be different software than you used to create it? you can generate a private key in bitaddress and then go and verify it within bitaddress too.  so u don't need another different software.

legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
October 01, 2022, 05:30:08 AM
#19
if they are not correct then why would they not be?
Have you tried the QR-code?

bitaddress really should be more careful about how it prints things out. either print it out correctly and fully or don't print anything
I don't think they can help it much when printing from a browser. This is one of the many reasons I test my backup before funding it. By manually typing the key and decrypting it with different software than you used to create it, you know you can decrypt it later. If your test fails, you know not to fund it. (of course, all this should be done off-line, running a Live Linux from RAM).
legendary
Activity: 2268
Merit: 18587
October 01, 2022, 02:46:39 AM
#18
Oh so you tested one of the other private keys and were not able to get a private key either?
Correct. Hence me asking if you are sure the characters you have posted here are accurate. If I go to bitaddress and create a page of encrypted paper wallets, I can brute force missing characters with 100% accuracy. So either the string you have shared above has incorrect characters or is not a BIP38 key at all.

Are you able to share a high resolution picture of the key you have shared above (the one you said has no funds on it)? You can crop out the other keys. And you can share it privately if you prefer.

bitaddress really should be more careful about how it prints things out. either print it out correctly and fully or don't print anything
There is nothing it can do to stop people from locally scaling the page it produces, so much that it is too large for a single piece of paper, which is what has happened here.
sr. member
Activity: 1036
Merit: 350
September 30, 2022, 07:30:33 PM
#17
Thanks, I just sent it.
This is the picture I received:

This indeed looks like Bitaddress.org's Paper Wallet with "Hide Art?" ticked. And it shows what I've seen myself too: the printer (driver) messed up the page.

bitaddress really should be more careful about how it prints things out. either print it out correctly and fully or don't print anything
newbie
Activity: 8
Merit: 12
September 30, 2022, 03:07:17 PM
#16
Oh so you tested one of the other private keys and were not able to get a private key either? If they are correct? Well I double checked if I wrote down the other characters correctly, if they are not correct then why would they not be?
legendary
Activity: 2268
Merit: 18587
September 30, 2022, 08:43:55 AM
#15
Could it be that the third digit "n" could be different as well. I made the wallet in 2020 if that has any meaning. Any bright ideas Smiley ?
It could be, but it's unlikely. bitaddress's source code hasn't changed for 6 years. Are you 100% sure all the other characters are correct?

although I'm not sure if it can brute-force missing characters in a BIP-38 key with known password.
It can, and indeed, knowledge of the password is unnecessary. BIP38 keys use Base58Check, so it can brute force a few missing characters until it finds those that match with the checksum.

Edit:

I've tested the string you shared above: rgHM7eKVe37vCGtGQRVNRcN6pfa2gRAzaxdsG86RSmKdnMAEkPZnHJ

I'm unable to find any combination of 6P** (or 6P*string* or 6Pstring**) which creates a valid key. Again, are you sure you have the right characters?
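
The checksum-based recovery described in post #15, as an added example that is not part of the original thread and not the tool any poster used: it validates a BIP38 string with Base58Check and fills in characters lost from a printout at known positions. The function names, the `*` wildcard and the sample key (built from constructed bytes, not a real wallet) are assumptions made for illustration.

```python
import hashlib
from itertools import product

ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
INDEX = {c: i for i, c in enumerate(ALPHABET)}


def checksum(payload: bytes) -> bytes:
    """Base58Check checksum: first 4 bytes of SHA-256(SHA-256(payload))."""
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]


def b58encode(data: bytes) -> str:
    n, out = int.from_bytes(data, "big"), ""
    while n:
        n, r = divmod(n, 58)
        out = ALPHABET[r] + out
    return "1" * (len(data) - len(data.lstrip(b"\x00"))) + out


def b58decode(text: str) -> bytes:
    n = 0
    for ch in text:
        n = n * 58 + INDEX[ch]  # KeyError for 0, O, I, l and other non-Base58 chars
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return b"\x00" * (len(text) - len(text.lstrip("1"))) + body


def is_valid_bip38(text: str) -> bool:
    """True if text decodes to 39 payload bytes + 4 checksum bytes with a BIP38 prefix."""
    try:
        raw = b58decode(text)
    except KeyError:
        return False
    if len(raw) != 43:
        return False
    payload, check = raw[:-4], raw[-4:]
    # 0x0142 = non-EC-multiplied key, 0x0143 = EC-multiplied key; both print as "6P..."
    return payload[:2] in (b"\x01\x42", b"\x01\x43") and checksum(payload) == check


def recover(template: str, wildcard: str = "*", max_missing: int = 3) -> list:
    """Try every Base58 character at each wildcard position; keep checksum matches."""
    gaps = [i for i, ch in enumerate(template) if ch == wildcard]
    if len(gaps) > max_missing:
        raise ValueError("too many missing characters for a checksum search")
    chars, found = list(template), []
    for combo in product(ALPHABET, repeat=len(gaps)):
        for pos, ch in zip(gaps, combo):
            chars[pos] = ch
        candidate = "".join(chars)
        if is_valid_bip38(candidate):
            found.append(candidate)
    return found


# Constructed sample: BIP38 prefix 0x0142, flag byte 0xe0, then 36 filler bytes.
_payload = b"\x01\x42\xe0" + bytes(range(36))
SAMPLE_KEY = b58encode(_payload + checksum(_payload))
# Simulate a printout that cut off two characters after "6P", as in the thread.
DAMAGED = SAMPLE_KEY[:2] + "**" + SAMPLE_KEY[4:]

if __name__ == "__main__":
    print("damaged  :", DAMAGED)
    print("recovered:", recover(DAMAGED))
```

A checksum match only shows that the string is a well-formed BIP38 key; decrypting it still requires the passphrase. If no candidate matches, one of the characters assumed to be known is wrong, which is the situation post #15 describes.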