
Topic: Resolved (Read 2265 times)

legendary
Activity: 3416
Merit: 1912
The Concierge of Crypto
September 10, 2013, 08:04:44 PM
#24
Just keep a backup of the previous bitcoin-QT version and your wallet. Very easy to do. Some people tend to keep several backups of wallets every day, and backups of bitcoin-QT for the last 10 versions. (I just keep the last 1 or 2.)

@grue, does the stretching feature of the current bitcoin-QT wallet change depending on your own computer's processing power? If I have a single core 1 GHz laptop, it picks a smaller "stretch" than if I had an octa-core 5 GHz i Xeon whatever?

Does it depend on the speed and/or cores?

If it does, wouldn't it be better to create the wallet on a fast machine, encrypt it, then transfer it to your regular usage slower machine? It will then take longer to use and open by a second or two.
pc
sr. member
Activity: 253
Merit: 250
September 10, 2013, 01:38:03 PM
#23
If you're going to do more testing on encrypted wallets on 0.8.3 vs. 0.8.4, why not do the testing on testnet? Make a new testnet wallet on 0.8.3, encrypt, upgrade, and see if you can decrypt? Don't play with real coins for something like this.
legendary
Activity: 2058
Merit: 1452
September 05, 2013, 08:30:06 AM
#22
I know nothing about this really, apart from what I have read on the interwebs, but I would be worried that there might be a (custom?) other program/software which could be used to decrypt the wallet file faster than Bitcoin-Qt? Or is the slow cracking speed simply a result of the encryption protocol used?
No, the process used is very computationally intensive and there are no shortcuts. If you wish to learn more, search "key stretching" on Wikipedia.
sr. member
Activity: 302
Merit: 250
September 05, 2013, 04:39:26 AM
#21
Perhaps you should also go to this website https://www.grc.com/haystack.htm and input a password of the same length and character type (although not obviously your exact password) into the box to see some rough stats on how difficult it is to be brute-forced. Not too difficult I would imagine, and now remember that some in this community will have GPU farms not mining much BTC anymore, which could possibly earn more in more 'malicious' ways...
Those estimates are usually worthless.

The encryption in bitcoin-qt's wallet uses powerful strengthening— on your own system it won't be able to test more than 10 attempts per second... even with a powerful GPU farm things will be limited.

(as compared to BC.i wallets, for example, which has gpu cracking tools that do millions of attempts per second)

That isn't to say that having a good key is important— it is... but for many people the strengthening is enough that the bigger risk is losing/forgetting the keys.


I know nothing about this really, apart from what I have read on the interwebs, but I would be worried that there might be a (custom?) other program/software which could be used to decrypt the wallet file faster than Bitcoin-Qt? Or is the slow cracking speed simply a result of the encryption protocol used?
full member
Activity: 173
Merit: 100
September 05, 2013, 01:59:05 AM
#20
So a 30 character random password can be memorized even by normal people.

It can, but you need to use it regularly, at least once a month. To my surprise I forgot a password containing about 35 characters after I didn't use it for a few months. I knew how it is structured, and some parts well, and I even created custom software to create passwords and used it as a dictionary attack on the BestCrypt mounted drive, but no luck. I gave up after half a year of searching.
legendary
Activity: 3416
Merit: 1912
The Concierge of Crypto
September 05, 2013, 01:33:11 AM
#19
Yes, and on a slightly related note, people have been known to memorize pi to at least 50 to 100 digits. I'm talking about normal people, not the record holders of ten thousand digits.

So a 30 character random password can be memorized even by normal people.
staff
Activity: 4284
Merit: 8808
September 04, 2013, 02:49:39 PM
#18
Perhaps you should also go to this website https://www.grc.com/haystack.htm and input a password of the same length and character type (although not obviously your exact password) into the box to see some rough stats on how difficult it is to be brute-forced. Not too difficult I would imagine, and now remember that some in this community will have GPU farms not mining much BTC anymore, which could possibly earn more in more 'malicious' ways...
Those estimates are usually worthless.

The encryption in bitcoin-qt's wallet uses powerful strengthening— on your own system it won't be able to test more than 10 attempts per second... even with a powerful GPU farm things will be limited.

(as compared to BC.i wallets, for example, which has gpu cracking tools that do millions of attempts per second)

That isn't to say that having a good key is important— it is... but for many people the strengthening is enough that the bigger risk is losing/forgetting the keys.
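Added illustration (not part of the thread, and not Bitcoin-Qt's code): a generic key-stretching sketch relating to the question in post #24 and the strengthening described in post #18. PBKDF2-HMAC-SHA512, the header layout, the 0.1 s target and all function names are assumptions chosen for the example; it shows an iteration count calibrated once on the sealing machine and then stored with the file, plus how the guess rate changes the time to cover an 8-character mixed-case keyspace.

```python
import hashlib
import hmac
import os
import time

def stretch(passphrase, salt, iterations):
    """Derive a 32-byte key; the cost grows linearly with `iterations`."""
    return hashlib.pbkdf2_hmac("sha512", passphrase.encode(), salt,
                               iterations, dklen=32)

def calibrate(target_seconds=0.1, probe=20_000, floor=10_000):
    """Pick an iteration count costing about `target_seconds` on THIS machine."""
    start = time.perf_counter()
    stretch("probe", b"\x00" * 8, probe)
    elapsed = max(time.perf_counter() - start, 1e-9)
    # A faster CPU finishes the probe sooner, so it gets a larger count.
    return max(floor, int(probe * target_seconds / elapsed))

def seal(passphrase, iterations):
    """Build the header stored next to the encrypted data (hypothetical layout)."""
    salt = os.urandom(8)
    key = stretch(passphrase, salt, iterations)
    check = hmac.new(key, b"passphrase-check", hashlib.sha256).digest()
    return {"salt": salt, "iterations": iterations, "check": check}

def unlock(header, passphrase):
    """Re-derive with the STORED salt and count, then compare in constant time."""
    key = stretch(passphrase, header["salt"], header["iterations"])
    check = hmac.new(key, b"passphrase-check", hashlib.sha256).digest()
    return hmac.compare_digest(check, header["check"])

def years_to_exhaust(alphabet_size, length, guesses_per_second):
    """Worst-case time to try every passphrase of this shape at a given rate."""
    return alphabet_size ** length / guesses_per_second / (365 * 24 * 3600)

if __name__ == "__main__":
    count = calibrate()
    header = seal("constructed example passphrase", count)  # constructed input
    print("iterations stored in header:", header["iterations"])
    print("unlocks with right passphrase:",
          unlock(header, "constructed example passphrase"))
    # 8 characters of upper/lower case letters: 52**8 candidates.
    print("years at 10 guesses/s:        %.0f" % years_to_exhaust(52, 8, 10))
    print("years at 1,000,000 guesses/s: %.2f" % years_to_exhaust(52, 8, 1e6))
```

In this sketch the count lives in the header, so a file sealed on a fast machine keeps its higher cost when it is copied to a slower one, where each unlock simply takes longer.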
sr. member
Activity: 302
Merit: 250
September 04, 2013, 09:58:35 AM
#17

I would try switching back to Bitcoin 8.4 client, but I am extremely hesitant to even touch it after what I just went through. Bear in mind, I wrote the passphrase out in plaintext in textedit and analyzed every single pixel (it's only 8 characters!). I copied/pasted. Nothing. Nothing worked on 8.4.
Imagine.. 90% of my life savings are in there, so I just experienced the closest thing to a severe panic attack.

Perhaps you should also go to this website https://www.grc.com/haystack.htm and input a password of the same length and character type (although not obviously your exact password) into the box to see some rough stats on how difficult it is to be brute-forced. Not too difficult I would imagine, and now remember that some in this community will have GPU farms not mining much BTC anymore, which could possibly earn more in more 'malicious' ways...

Also, bear in mind that if you have used any dictionary words, or dictionary words with number/char substitutions (e.g. pa$$w0rd) then this just became a whole lot less secure.

Now, you have just advised everyone that you have backups and a weak password. I have no idea (not that computer literate at a code level myself) if you have exposed your ip address by posting to this board, but if it were me, and I was like you again in control of my bitcoins, I would move them to an address which was not found in any of the old backups which use the weak password, this might require sending them to your online wallet. Then I would generate a new wallet in Bitcoin-Qt, this time with a secure password/passphrase and then make a backup of this new wallet (being careful to distinguish it from the old wallet) and send your bitcoins to this new, more secure wallet.

If you are the nervous type, or want to be extra safe, I often send test amounts when setting up new wallets, just to make sure there are no password problems or whatever. Probably best this time in any case, as you have stated that it is 90% of your net worth, to use a test amount first at all steps.

I would do this because I would be worried that someone could find/steal an old backup you have on your computer, knowing that it has an 8 character password (dramatically reducing the keyspace to search in) and take your coins. Sending them to a new address generated by Bitcoin-Qt using your existing wallet will only be sending them to one of the 50 pre-generated received addresses stored (hidden) in each backup, this is why I would advise a new wallet file altogether.

I would also be tempted to follow willphase's advice about being extremely careful doing this kind of thing, and ask for help if you need it. Also candoo has wise words about storing bitcoins in paper wallet, for better security. There are guides on how this should be done if this is the route you want to go down.

If you have a smartphone, I would advise you to buy a password manager app, I use 1Password (for iOS). This app is secured using a 50+ character passphrase, generated using words from this site, this is the only password I have to remember any more. I did not use a pre-generated passphrase from this site, but instead used some of the words it gave me to form a sentence of gobbledegook (important: do not use song-lyric, movie phrase etc, it must be random!)

This lets me use random alpha-numeric-symbolic passwords of any length for all websites as required, using a unique one for every site I visit (bar some ones I don't care about where I re-use a simple password). For encryption purposes, length is the important factor, so passphrases (like the type found on that Fourmilab site) do a good job. For bitcoin wallets, USE 12 CHARACTERS OR MORE. No dictionary words. No clever substitutions (i.e. 1=i, 3=E, S=$). No common phrases, song titles/lyrics, movie lines, anything which you already know. Also, humans are terrible at being random, that's why I use that Fourmilab site to get me started, then I randomise that.

My 1Password app is set up with auto-encrypted backups to my dropbox every time I change anything, and it also saves all previously used passwords in the backup file, which is neat.

Sorry that I veered slightly offtopic there... You know what they say, 'better safe than sorry'!

On topic, I will try to reproduce this error when I get home tonight.
hero member
Activity: 767
Merit: 500
September 04, 2013, 02:51:25 AM
#16
I really doubt that everything I was trying in 8.4 was a typo issue, and rolling back to 8.3 was a coincidence. There's 2 family members in my home that just watched this entire situation and everyone tried that passphrase.. it just kept failing in 8.4
8.3... suddenly all is swell.
I'm not saying it was a typo, I'm trying to determine if the issue is reproducible and if so how reproducible. I've had two other people test with OSX now on 0.8.4 and it worked fine with both.  Maybe if they restart a few times it will fail for them? I don't know because I don't know if you can reproduce the issue or not.

If this is stressing you out, then please— you have no obligation to try further— though if you have good backups you also have nothing to worry about, your coins are safe.

Does your password use any weird characters or ones which differ in position between your local keymapping and qwerty?


Oh I know, I was just thinking out loud. Well, I do have multiple combinations of UpPerANdlowercaSe.

I currently have an iMac sitting around that's just for general home use, and it's installing/syncing with 8.4. I presume it should be synced by morning. What I'll do is create a new wallet, actually send all my coins to my new computer/client (except for say, .5 BTC on the original Macbook I had the issue with). Then I'll roll forward to 8.4 and try it again. (this way I'll be certain that my coins are secure and safe sitting in the next room hehe) and see if the problem replicates itself on the same machine again.

Be very careful with what you're doing here - if you have 90% of your savings in bitcoin you don't want to make any little mistakes by hurrying. Make sure you keep all your backups - remember if you move all your coins from your old wallet then all your old backups become invalid, so you need to make new (secure) backups of your new wallet. Just be very careful here and don't do anything in a hurry!

Will
hero member
Activity: 602
Merit: 500
Vertrau in Gott
September 04, 2013, 02:14:09 AM
#15
90% of my life savings are in there, so I just experienced the closest thing to a severe panic attack.


I would recommend that you create paper wallets if you really keep 90% of your life savings in bitcoins!
staff
Activity: 4284
Merit: 8808
September 04, 2013, 02:12:28 AM
#14
I really doubt that everything I was trying in 8.4 was a typo issue, and rolling back to 8.3 was a coincidence. There's 2 family members in my home that just watched this entire situation and everyone tried that passphrase.. it just kept failing in 8.4
8.3... suddenly all is swell.
I'm not saying it was a typo, I'm trying to determine if the issue is reproducible and if so how reproducible. I've had two other people test with OSX now on 0.8.4 and it worked fine with both.  Maybe if they restart a few times it will fail for them? I don't know because I don't know if you can reproduce the issue or not.

If this is stressing you out, then please— you have no obligation to try further— though if you have good backups you also have nothing to worry about, your coins are safe.

Does your password use any weird characters or ones which differ in position between your local keymapping and qwerty?
staff
Activity: 4284
Merit: 8808
September 04, 2013, 01:11:02 AM
#13
OH MY GOD. I just went BACK to version 8.3, and the passphrase works. I am not making this up. I urge the developers to possibly look at this?

I can't believe this.
How exactly were you getting to the password prompt?  Can you try switching back again to double verify?  (you can do a signmessage with one of your addresses to test the password prompt without sending coins).
legendary
Activity: 1890
Merit: 1086
Ian Knowles - CIYAM Lead Developer
September 04, 2013, 01:09:33 AM
#12
OH MY GOD. I just went BACK to version 8.3, and the passphrase works. I am not making this up. I urge the developers to possibly look at this?

I can't believe this.

Now that is surprising - although there was some OSX specific change in the latest release I think that was only to do with LevelDB.
legendary
Activity: 2940
Merit: 1090
September 04, 2013, 01:08:10 AM
#11
I have had whole spans of time when typing passwords instead of pasting them got worse and worse over time as some key(s) on my keyboard got less and less reliable. (Each keyboard I've had over the decades, by the time I threw it out to replace it, or maybe tried cleaning it at least.)

Right now it is my left shift key, and I am left handed.

I do not know why i keep using this keyboard as I have many that work just fine, maybe it's just this one is smaller so takes less desk space and right now that key works if I just press it harder but any day now I will get sick of remembering to press it harder and go with one of my many fine but slightly larger keyboards.

To discover whether maybe your keyboard is just getting old or needs cleaning or something two tests can be useful:

One is to type your password where you can see what you typed, to check that most times you type it you get it right.

Another is to paste it, which generally I would have expected would be pretty much necessary for any password that is long enough and hard to guess enough and made up randomly-enough that really it's not very practical to expect to have it in your brain given each and every site or app you need a totally different one for, preferably with no pattern that makes them at all similar, especially if you also follow the conventional and for all I know maybe very wise wisdom of changing passwords regularly or even frequently.

AaAaAaAaAa hmm I didn't even press hard, guess this keyboard will do me a while longer, it's not consistently mucking up yet.

-MarkM-

EDIT oops edited to fix a lowercase i, nearly did it again to fix another but realised hey no let's leave it, it's evidence my left shift key is mucking up still, just I guess more with IiIiIiIiIiIi (hmmm works now) than with aaAa Aha intermittent for both letters it seems.
newbie
Activity: 30
Merit: 0
September 04, 2013, 01:00:28 AM
#10
resolved.
legendary
Activity: 1890
Merit: 1086
Ian Knowles - CIYAM Lead Developer
September 04, 2013, 12:50:48 AM
#9
Assuming you didn't do a large # of transactions since your "old password" backup then using that should be fine (of course don't delete the latest backup until you are 100% certain everything is okay and even then wait a week or so before deleting it just in case).
staff
Activity: 4284
Merit: 8808
September 04, 2013, 12:48:47 AM
#8
My balance is showing properly. I just tried to load a backup from yesterday, same issue. (I have the current wallet.dat moved to my desktop temporarily).

If I backed up on September 1st for example, and the password was ABCD

and I changed my password to ABCD123 on September 3rd and backed that up, will each backup keep the password it was encrypted with?
Yes, it keeps the password it was encrypted with. It's impossible for anything you did today to change a backup you made previously.

How did you load the backup? What software is the desktop running?
newbie
Activity: 30
Merit: 0
September 04, 2013, 12:37:36 AM
#7
My balance is showing properly. I just tried to load a backup from yesterday, same issue. (I have the current wallet.dat moved to my desktop temporarily).

If I backed up on September 1st for example, and the password was ABCD

and I changed my password to ABCD123 on September 3rd and backed that up, will each backup keep the password it was encrypted with?
staff
Activity: 4284
Merit: 8808
September 04, 2013, 12:32:41 AM
#6
Okay dokie, before you do anything else make a backup of your current wallet without overwriting any of your older backups.

Now try your old password. Make sure to relax, sometimes once people are worried they'll goof it up.  If you can't relax, go to bed and worry about this tomorrow. Seriously, if you are stressed out it will make it more likely that you'll make mistakes while trying to fix it and end up making it worse.

If that doesn't work, shut the program down cleanly, and copy in your most recent old backup (don't move it, copy it back in, so you still keep the backup unmolested). Start it up again and you should see your whole balance (including coins you sent and received) and your password effective at the time of your backup should work.
newbie
Activity: 30
Merit: 0
September 04, 2013, 12:28:02 AM
#5
Resolved.