
Topic: Forgotten password for a Bitcoin wallet from 2013 recovered, unlocking 43.6 BTC - page 2. (Read 223 times)

hero member
Activity: 1008
Merit: 960
Source: https://archive.is/BZal2

In 2013, a man stored 43.6 BTC in his wallet, and protected it with a strong, 20-character password generated using a password manager called RoboForm.

Instead of simply storing this password in the password manager, he decided to store it in a file and encrypt it using a tool called TrueCrypt.

Some time later that encrypted file got corrupted, so he was unable to obtain the password to his wallet.

Now, the interesting part is that because of the way RoboForm generated passwords, it was possible to regenerate the same password and unlock the wallet!

Here's the video that explains this in more detail: https://www.youtube.com/watch?v=o5IySpAkThg

RoboForm used certain parameters like password length, use of upper or lower case letters, etc., which were simply guessed by the "hackers/researchers" based on other passwords that the man used in the past. But the crucial step is that RoboForm used the time of the system to seed the PRNG (pseudorandom number generator) algorithm to generate the password. This reduced the number of checks dramatically and made it possible for them to crack it.

The password was generated on May 15, 2013, at 4:10:40 pm GMT. They were able to generate the same password that the software gave to the man at that time.

This is a happy ending, with the man now holding 30 BTC (he sold some and also paid the "hackers"), but it is also a cautionary tale:

If you use a password generator, make sure to manually edit it so that it is not possible for people trying to steal your money to do something like this.
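
An added example, not part of the original post and not RoboForm's actual algorithm: a toy generator whose only secret input is the system clock, next to one that draws from the OS CSPRNG, with a check of how few candidates a one-day window leaves. The character set, the one-second seed granularity and all function names are assumptions made for illustration.

```python
import math
import random
import secrets
import string
from datetime import datetime, timezone

CHARSET = string.ascii_letters + string.digits  # assumed generator settings
LENGTH = 20                                     # length stated in the post


def weak_generate(seed_time: int, length: int = LENGTH, charset: str = CHARSET) -> str:
    """Toy generator: the PRNG is seeded with the clock (whole seconds) and nothing else."""
    rng = random.Random(seed_time)
    return "".join(rng.choice(charset) for _ in range(length))


def strong_generate(length: int = LENGTH, charset: str = CHARSET) -> str:
    """Same output format, but every character comes from the OS CSPRNG."""
    return "".join(secrets.choice(charset) for _ in range(length))


def find_seed(target: str, start: int, end: int):
    """Return the clock value in [start, end) that reproduces target, or None."""
    for t in range(start, end):
        if weak_generate(t) == target:
            return t
    return None


def effective_bits(candidates: int) -> float:
    """Bits of work needed to enumerate a space of this many candidates."""
    return math.log2(candidates)


# Timestamp quoted in the post: May 15, 2013, 4:10:40 pm GMT.
GEN_TIME = int(datetime(2013, 5, 15, 16, 10, 40, tzinfo=timezone.utc).timestamp())
DAY_START = int(datetime(2013, 5, 15, tzinfo=timezone.utc).timestamp())

if __name__ == "__main__":
    password = weak_generate(GEN_TIME)
    # Knowing only the day of generation is enough to reproduce the password.
    print("seed recovered:", find_seed(password, DAY_START, DAY_START + 86400) == GEN_TIME)
    print("clock-seeded, one-day window: %.1f bits" % effective_bits(86400))
    print("CSPRNG, 20 chars of 62:      %.1f bits" % effective_bits(len(CHARSET) ** LENGTH))
    print("CSPRNG sample:", strong_generate())
```

The password looks equally random in both cases; the difference is that the clock-seeded one is worth roughly 16 bits per day of uncertainty about when it was made, while the CSPRNG one keeps the full strength of its length and character set.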