Unicode characters in account password

[Steveseagal]

System information

Version: `0.8.9`
OS & Version: windows
Node type: `geth(default)`

I created a new account with a password containing a unicode special character, in this case � (REPLACEMENT CHARACTER).
See http://www.fileformat.info/info/unicode/char/fffd/index.htm

The account could be created in Ethereum Wallet and as well with the command “geth account new”.
The password confirmation dialogue – in both approaches - apparently worked out as well.

Now when I am trying to send some ether to another wallet, the password dialogue tells me that the password is wrong/not valid. Are there any known issues with unicode characters in passwords, or do I need to "escape" / mask those characters in a special way?
Means for example: the character � with "\uFFFD" or Alt +FFFD see http://www.fileformat.info/info/unicode/char/fffd/index.htm

Github Documentation:
https://github.com/ethereum/go-ethereum/wiki/Managing-your-accounts#account-update

BTW, what is the max password length?

Any help / hint is greatly appreciated.
Cheers Steve

[diegopau]

I had similar issue. 3 days ago I created a Ethereum account with Mist and I used a password generator (I use KeePassX) to generate a password containing symbols like ˆ(+'
I am pretty sure nothing was wrong on the process, I copy pasted the password, that's all I did. Now when trying to send my Ether somewhere else I get a "wrong password" message. I used a 25 length pass. Is it possible that some of those characters weren't accepted? or that they were converted to something different?

[WhenLambo2]

Hm, I'm having the exact same problems as diegopau.. The generated password, which I double checked before making a 50 eth transfer. Now I can't touch them..

Did you find any solutions yet?

[luclu]

AIFAK geth does support unicode characters in passwords.

To be sure I tried to reproduce the described behaviour with the simple password "�", but failed, thus couldn't confirm the issue. Creating the account as well as sending Ether from the account does work. Please make sure this isn't caused by a mistyped/wrong password.

Please provide a simple test case/instructions on how to reproduce this behaviour.
I will close this issue for now.

[diegopau]

Hi, I have to say that I tried creating a new account and using the exact password and I supposedly used previously and this time I didn't have any issues. So even if I can't be 100% sure I can assume that for some reason I didn't copy correctly the password from the password manager and whatever I pasted when created the Ethereum account was something i previously had on my clipboard. It is the only explanation.

With that said. That happened after a week of trying around 25 different cryptocurrencies, and in every wallet I can remember, you are asked for your password at some point when you reopen the wallet. In Mist, everything seems to be designed so you don't realize that you don't know your password until you really need it to access your Ether. Hasn't been suggested to do this userflow in a different way to prevent people losing their Ether just as I did?

[archywillhe]

I believe there is a bloody bug in copy-pasting password into the field for the mac app and i lost 1.6eth thanks to that. fucking hell.

[Haxtro]

Update regarding my wallet, I cracked mine after two months of work using the ethcracker tool and retrieved a decent sum of eth. Don't give up guys, it's worth it...

[archywillhe]

@Haxtro how did you go about cracking the password? Are there like special characters or spaces added to the actual passcode so you tried randomly inserting chars/spaces to the string? Or did you just try all the permutations?

[Haxtro]

In the end I made a list with about 28.000 words to try. Took me really a lot of time and testing in the meantime, but worked out. For me, it was a combination of two spaces and a weird character. My password generator used an apostrophe, but there are many forms. My Mac had 'smart quotes' on, which caused a lot of trouble. This in combination with the still existing bug in Mist not allowing characters while typing, but allowing them when "show password" is on caused a lot of trouble. But I'm glad to have my 40 eth back now (:

Let me know if I can help! Took me a long while to get a wallet bruteforcer working (all the old tools don't work with v3 wallet format).

[diegopau]

@Haxtro @account-archived-0 wow! your post here inspired me. At the beginning I was sad that you made me remember that tragic incident. I have to say that in my case it was a smaller amount of bit more than 3 ether, but well, they are worth more now than back then!

I hope this might help someone else or even point out a problem (not sure if on Keepass, MacOS, Mist, or just me doing it wrong).
I decided to give it a try again today, not really sure what to try because I had tried everything months ago... I had still my old password somewhere, the one that was supposed to work but didn't work. So I took it again and I looked at it, thinking on what to try. Well it turns out that Keepass had generated a long password with the symbol ˆ and all i had to do is to try replacing it with the symbol ^. And that's it, it worked.
Now the thing is (and this I am not 100% sure as it was long ago). I am quite sure that when I first gave the password to Mist I just copied pasted whatever Keepass generated, so I should have pasted it with the symbol ˆ and I suspect that on Mist password input fields it got converted it to ^. But I can't be sure, I might have been as well that I entered it manually (but that is something i never do)... when typing, the first time you press in your keyboard SHIFT+6 it generates ˆ (to write things like ô) and only if you press space afterwards it transforms to ^.
So anyways, I recovered my Ether, and even a bit of REP! Good thing that I kept the wrong password just in case... I hope some other people have also luck recovering their accounts.

[archywillhe]

@Haxtro @diegopau thanks for sharing your stories here man! Really appreciate that :D

I generated my password using an algorithm of mine and it has a lot of symbols like '[]{}()]/>#! and maybe even tabs so I think it is probably the case that the password string underwent a transformation due to some needless char conversion from utf8 to a subset of it before being fed to aes128 for the encryption.

Also I fiddled with show password a bit before pressing enter (fucking hell I just wanted to confirm that what has been copied & pasted into the textfile is indeed my password).. so that can indeed be where the bug is.

[ihatecreatingaccounts]

i fucking hate ether, i didnt set a password, all my ether now locked up behind imaginary fuckshit

[archywillhe]

@ihatecreatingaccounts Chill. When you sign up for Ethereum, you should be fully aware of risks like this. The same problem occured to me too. I am not able to decrypt the encrypted private key though I'm pretty sure I copied and pasted the right password for the encryption. The important thing here is discussion, and maybe we can figure something out together. I want to get back the money I lost as well.

[Haxtro]

@account-archived-0 If you have a wide idea of the password and there's a significant amount of ETH in there, you know where to find me!

[sdiman]

i got the same with this wallet! I have MacOS. and i generated strong pass

[sdiman]

Solved it.I sent my money finally from this wallet. If you using Mac OS, and have similar problem, contact me in skype (steals88).
Im not sure about windows users

[lkknguyen]

Has anyone an update to this, my password has special / unicode characters such as +@!=ê (no space) and during the creation process I believe I copy/paste and show/hide password to check. Sent a few coins and now it doesn't work to get out, very frustrating. Need help. Use the same pw for 3 acc, main & 1st do not work, but 3rd does. Let me know if someone found any possible transformation bug during the password creation process.
(wallet version 0.8.10)

[lkknguyen]

I've just unlocked this, anyone who has their password with ! on MacOS/Mist 0.8.10 (maybe same bug with other), try to write your pass on Mac TextEdit.app and paste to geth client .\geth account update 0x.... and see if it works.

Definitely a bug not on different charsets between MacOS apps e.g TextEdit / terminal Geth or Wallet client. Hope this help.

[diegopau]

Can someone reopen this? To me it is clear that when using MacOS (not sure about other OS) and copying some specific unicode characters into the Mist password field, some of them get transformed into a different character. Please read my comment above.

[Haxtro]

@diegopau I've kinda given up on trying to get this bug fixed, I'm afraid they won't. Instead, just use MyEtherWallet, that'll do.

[kooweele]

This MIST looks like an ETHER TRAP. I created a new account , typed in password , use "show password" to copy it into a NOTEPAD. After depositing some ether into this wallet, I am unable to send it anywhere else with the "wrong password" error!

This is SO ridiculously flawed.

[ihatecreatingaccounts]

yeah, but my ether are still in my account, i checked recently, so i dont believe its scam. 2017-12-10 10:25 GMT+01:00 kooweele <notifications@github.com>:

…

This MIST looks like an ETHER TRAP. I created a new account , typed in password , use "show password" to copy it into a NOTEPAD. After depositing some ether into this wallet, I am unable to send it anywhere else with the "wrong password" error! This is SO ridiculously flawed. — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub <#2077 (comment)>, or mute the thread <https://github.com/notifications/unsubscribe-auth/AcyzhwW1Z3Qb63SZBXv99-K3K2GKDm02ks5s-6OBgaJpZM4MsGb5> .

[p0mmi3]

So I tried @lkknguyen way as I do have a '!' in my passphrase, however I use windows. I copied from Notepad where I had originally saved my passphrase but it still doesnt work.

I have the same passphrase for my main account and it works perfectly. I entered the same password for the second account yet it has a issue. I really don't want to lose out on the ether in that wallet. Is there any way around the special character issue ?

[shovrocks]

I have the same issue, I have the @ symbol on my pass and I can't access it.

I've read on #2077 that there is a tool called Ethcracker (used by @Haxtro), you put words and symbols associated with your password and it may recover it. But so far, I have not being able to pinpoint that specific tool, and the only thing I've found is this:
https://github.com/KarmaHostage/ethcrack/tree/1e0aafc6644b03686fdbb4d5827895410fe3b1d3

But I haven't found a way to make it work. Any ideas?

[Haxtro]

@shovrocks Try this! https://github.com/lexansoft/ethcracker

[shovrocks]

@Haxtro... Thanks!!! gonna try it right now, and will update soon hopefully with results.

[jeycreative]

@lkknguyen Thanks for your input on this. I am having the same kind of problem ( OS X and password containing "!". Could you maybe describe more in details how you were able to solve the problem. Was their any output change when pasted in the command line ? equal or more than 8 characters ? with maybe the exclamation point at the end ? Glad you were able to get your Money back 👍

[7iain7]

its possible @ got converted to %40 ect.. example is password was: pass@word try pass%40word
https://www.obkb.com/dcljr/charstxt.html
%21 ! Exclamation mark
" " %22 " Quotation mark
# %23 # Number sign
$ %24 $ Dollar sign
% %25 % Percent sign
& & %26 & Ampersand
' %27 ' Apostrophe
( %28 ( Left parenthesis
) %29 ) Right parenthesis
* %2A * Asterisk
+ %2B + Plus sign
, %2C , Comma
- %2D - Hyphen
. %2E . Period (fullstop)
/ %2F / Solidus (slash)
0 %30 0 0
1 %31 1 1
2 %32 2 2
3 %33 3 3
4 %34 4 4
5 %35 5 5
6 %36 6 6
7 %37 7 7
8 %38 8 8
9 %39 9 9
: %3A : Colon
; %3B ; Semi-colon
< < %3C < Less than
= %3D = Equals sign
> > %3E > Greater than
? %3F ? Question mark
@ %40 @ Commercial at

[jeycreative]

@7iain7 It crossed my mind too. I will generate some dictionaries this week to test this solution. And will post the results here. If successful we can easily create a rule to generate and recover those damn passwords. Best cracking to you all.

[Haxtro]

For a friend of mine I've been trying to crack his wallet for days, but found out that Mist simply replaced his "faulty" character for a space. Worth a try!

[lock]

This thread has been automatically locked because it has not had recent activity. Please open a new issue for related bugs and link to relevant comments in this thread.