Topic: Multibit HD 0.1.3 Password no longer valid - page 2. (Read 3260 times)

I will give you the logs. I have not decided if i wish to completely change all my addresses, specially since i used some for signed message verification. But when i have decided i will let you know.

Check your emails.

There shouldn't be any hardware dependency no.
We bundle a Java runtime (except for Linux) to minimise the software dependency.
Things like system clock time etc aren't used for the encryption.

It would be interesting to see that wallet data to see if there are any clues to what went wrong. It does sound like a bug that is happening infrequently so it would be worth following up on. Bugs like that it is quite difficult to get good data on so your wallet would be quite useful.

First thing to do: get your bitcoins out without disturbing the wallet by either using another machine or downloading Lighthouse (https://www.vinumeris.com/lighthouse), use your wallet words to recover the wallet and then empty it.

If you don't mind me seeing the wallet data the best thing for forensics would be a zip of the whole wallet directory that you send to me.
I can then trawl through all the logs and backups etc.
If you do this NEVER USE THAT WALLET again - it will be totally compromised as I will have seen it.


You can see the wallet directory if you go into the Manage wallet | Wallet dashboard.
Navigate to the directory then close down MultiBit HD (so that it writes everything out) and then zip the directory.

Then pop it on somewhere like dropbox and email me at  j i m 6 1 8 @ f a s t m a i l . c o . u k
+ the dropbox URL
+ your wallet words
+ your wallet password
Just to repeat - never use this wallet again !

If you do not want to do this then a zip file of the log directory would be fairly useful (though not as good). It is in the same directory as where all the very long wallet directories are stored.

The logs do contain transaction data but no notes or anything so contains less private info.


If you aren't happy to send me either of these for privacy reasons I won't be able to find out anything more - that is totally your decision.

Thank you. Knowing this, i setup a closed environment and then i revealed the password... and it seem my paranoia was for naught, it indeed seem to be the software bugging out.

It display my real password, but still won't unlock with it.

So i'll reiterate my initial question;

Is there another factor for deencryption required, like time clock validation, hardware validation, dependency, etc?

Because either something on my system is breaking Multibit HD or Multibit HD has a pretty interesting bug.

It just shows you the password.

I'll rephrase.

If i decrypt my password using recovery. Is it going to just let me see the password or just let me put a new one on?

The only thing i want right now is see what the current password is. And i do have the keys to decrypt it, as you said.

When you either set a password, or change a password, 2 things happen:

1) Your wallet is written to disk encrypted with the (new) password.
2) The (new) password is encrypted with an AES key that is derived from your wallet words and stored.

When you do a password recovery the item in number 2) is used. You enter the wallet words to reproduce the AES key and decrypt the bytes to get your password.

LOGICALLY it should be the same as the password used in number 1) but if someone else fiddled around with the wallet, or if it is damaged, it may not be IN REALITY.


Given a block of encrypted wallet bytes you cannot determine what the password is except with brute forcing. If you think about it would be rubbish security if you could as an attacker could do the same.

I'm going to rephrase.

Is there a way to display the password that is locking my wallet at the moment using my words?

If you do a restore on a second computer from your wallet words it doesn't say anything about the password you used on the first computer.

You can actually set a different password on the restored wallet if you like. It is used to encrypt the wallet where it is written out and does not go anywhere else.

But i do not want to recover my wallet until i know if my password was changed. If it was changed it mean a hacker of sort has access to my computer and entering my words would be an horrible idea.

What i was asking is, if i restore the wallet on another computer, is it going to reveal the current password? I'm not trying to get access to my BTC back i'm trying to figure out what happened.

@VirosaGITS

There are various things you can do to investigate further.

1) If you think your machine is compromised, go to another machine and:
a) Install either MultiBit HD or Lighthouse and recreate your wallet from your wallet words.
b) Empty your wallet to somewhere else.

By doing this then none of your bitcoins will be at risk.

2) You can recover your password from your wallet words using the Restore | "I have forgotten my password" option.
You need to use all your wallet words because the full entropy of the wallet words is used to encrypt your password when it is saved on disk.
If the password that is recovered is DIFFERENT to the one you have been using, then try using that one to unlock your wallet.

If it is the same, then it most likely that there is something wrong in the writing out of the wallets - this is done very carefully as outlined in other posts but nothing in life is perfect so if it is this we can have a further look at it.

3) You can recover your wallet from your wallet words on your first machine.

The whole point of us writing password recovery and wallet recovery is for them to be used when things go wrong. There is little point in us writing these recovery options if people do not use them.



@f3tus Most of the threads here (and in the MultiBit issues database) about forgotten passwords are to do with MultiBit Classic. Passwords are imperfect - people forget them at a rate of about 1 per 50,000 man months. There are LOTS of old MultiBit Classic wallets.  (We've had over 1,500,000 downloads of MultiBit Classic over 4 years).
People are recommended to move them to MultiBit HD (or another wallet if they prefer) for various reasons, this being one of them.
We cannot make people to upgrade from Classic to HD - you have control over your bitcoins - but really people should be trying HD out and moving their bitcoins by now.

We have built in password recovery from wallet words directly in the UI of MultiBit HD. Or you can reconstruct your wallet from your wallet words and hence do not need your password.

I will not until i know what the issue is. If its a vulnerability with MultiBIt and i've been compromised i cant risk it. And if i have not been compromised and its just a bug in Multibit HD software, i need to know first as well. Once fixed i would restore my wallet. But only if i have a 100% garantee that my BTC is sade.

I think this is like the 4th thread about the password not working... But at least you have the words to regenerate it.

I had just moved most of my funds so i don't have much BTC left, but its still there. I sent a transaction, then went to bed, got up, wallet still opened, try to send a small transaction and bam, password no longer unlock wallet.

I been using this wallet for a while now and i absolutely cannot possibly have forgot my password and its not a silly thing like a capitalised letter or a keyboard's key working unproperly since i can see the password typed down and it is without a doubt correctly entered.

You can be pretty certain by looking up your BTC address you use on a block explorer such as blockchain.   You look to see if BTC is still in address or gone.
When you check is there still BTC in address?

I of course have the words to regenerate the wallet. But i am not willing to use them before i know whats happened. I doubt i have been compromised but i can't be certain. If there would be a way to display the password using the recovery options, this would be nice, using a few of the words.

Then i could know if it was changed or if its just the software bugging out.

Have you looked at address of coins online?  I would verify coins are there and it was not compromised. 

As far as password not working no it should not happen.  Here is FAQ about passwords - https://multibit.org/en/help/v0.5/help_lostOrForgottenPassword.html.  Do you have the private key saved somewhere else? paperwallet or just private key on usb, etc?

I absolutely and definitively did *not* forget my password and it no longer unlock my wallet.

I left it on for a while and when i went to send a transaction, it of course ask the password again before sending the BTC, but at this point it tell me the password did not unlock the wallet.

I then closed the wallet and restarted the computer and now i cannot load up the wallet since the password is still invalid.

Is there something that can cause the right password to become invalid for no reason such as computer being set to wrong time, etc?