New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Unicode characters in account password #2077

Closed
Steveseagal opened this Issue Mar 28, 2017 · 30 comments

Comments

Projects
None yet
@Steveseagal

Steveseagal commented Mar 28, 2017

System information

Version: `0.8.9`
OS & Version: windows
Node type: `geth(default)`

I created a new account with a password containing a unicode special character, in this case � (REPLACEMENT CHARACTER).
See http://www.fileformat.info/info/unicode/char/fffd/index.htm

The account could be created in Ethereum Wallet and as well with the command “geth account new”.
The password confirmation dialogue – in both approaches - apparently worked out as well.

Now when I am trying to send some ether to another wallet, the password dialogue tells me that the password is wrong/not valid. Are there any known issues with unicode characters in passwords, or do I need to "escape" / mask those characters in a special way?
Means for example: the character � with "\uFFFD" or Alt +FFFD see http://www.fileformat.info/info/unicode/char/fffd/index.htm

Github Documentation:
https://github.com/ethereum/go-ethereum/wiki/Managing-your-accounts#account-update

BTW, what is the max password length?

Any help / hint is greatly appreciated.
Cheers Steve

@diegopau

This comment has been minimized.

diegopau commented Mar 31, 2017

I had similar issue. 3 days ago I created a Ethereum account with Mist and I used a password generator (I use KeePassX) to generate a password containing symbols like ˆ(+'
I am pretty sure nothing was wrong on the process, I copy pasted the password, that's all I did. Now when trying to send my Ether somewhere else I get a "wrong password" message. I used a 25 length pass. Is it possible that some of those characters weren't accepted? or that they were converted to something different?

@luclu luclu self-assigned this Mar 31, 2017

@JosLazet

This comment has been minimized.

JosLazet commented Apr 2, 2017

Hm, I'm having the exact same problems as diegopau.. The generated password, which I double checked before making a 50 eth transfer. Now I can't touch them..

Did you find any solutions yet?

@luclu

This comment has been minimized.

Member

luclu commented Apr 10, 2017

AIFAK geth does support unicode characters in passwords.

To be sure I tried to reproduce the described behaviour with the simple password "�", but failed, thus couldn't confirm the issue. Creating the account as well as sending Ether from the account does work. Please make sure this isn't caused by a mistyped/wrong password.

Please provide a simple test case/instructions on how to reproduce this behaviour.
I will close this issue for now.

@luclu luclu closed this Apr 10, 2017

@diegopau

This comment has been minimized.

diegopau commented Apr 10, 2017

Hi, I have to say that I tried creating a new account and using the exact password and I supposedly used previously and this time I didn't have any issues. So even if I can't be 100% sure I can assume that for some reason I didn't copy correctly the password from the password manager and whatever I pasted when created the Ethereum account was something i previously had on my clipboard. It is the only explanation.

With that said. That happened after a week of trying around 25 different cryptocurrencies, and in every wallet I can remember, you are asked for your password at some point when you reopen the wallet. In Mist, everything seems to be designed so you don't realize that you don't know your password until you really need it to access your Ether. Hasn't been suggested to do this userflow in a different way to prevent people losing their Ether just as I did?

@arrchyy

This comment has been minimized.

arrchyy commented Jun 24, 2017

I believe there is a bloody bug in copy-pasting password into the field for the mac app and i lost 1.6eth thanks to that. fucking hell.

@Haxtro

This comment has been minimized.

Haxtro commented Jun 24, 2017

Update regarding my wallet, I cracked mine after two months of work using the ethcracker tool and retrieved a decent sum of eth. Don't give up guys, it's worth it...

@arrchyy

This comment has been minimized.

arrchyy commented Jun 24, 2017

@Haxtro how did you go about cracking the password? Are there like special characters or spaces added to the actual passcode so you tried randomly inserting chars/spaces to the string? Or did you just try all the permutations?

@Haxtro

This comment has been minimized.

Haxtro commented Jun 25, 2017

In the end I made a list with about 28.000 words to try. Took me really a lot of time and testing in the meantime, but worked out. For me, it was a combination of two spaces and a weird character. My password generator used an apostrophe, but there are many forms. My Mac had 'smart quotes' on, which caused a lot of trouble. This in combination with the still existing bug in Mist not allowing characters while typing, but allowing them when "show password" is on caused a lot of trouble. But I'm glad to have my 40 eth back now (:

Let me know if I can help! Took me a long while to get a wallet bruteforcer working (all the old tools don't work with v3 wallet format).

@diegopau

This comment has been minimized.

diegopau commented Jun 25, 2017

@Haxtro @account-archived-0 wow! your post here inspired me. At the beginning I was sad that you made me remember that tragic incident. I have to say that in my case it was a smaller amount of bit more than 3 ether, but well, they are worth more now than back then!

I hope this might help someone else or even point out a problem (not sure if on Keepass, MacOS, Mist, or just me doing it wrong).
I decided to give it a try again today, not really sure what to try because I had tried everything months ago... I had still my old password somewhere, the one that was supposed to work but didn't work. So I took it again and I looked at it, thinking on what to try. Well it turns out that Keepass had generated a long password with the symbol ˆ and all i had to do is to try replacing it with the symbol ^. And that's it, it worked.
Now the thing is (and this I am not 100% sure as it was long ago). I am quite sure that when I first gave the password to Mist I just copied pasted whatever Keepass generated, so I should have pasted it with the symbol ˆ and I suspect that on Mist password input fields it got converted it to ^. But I can't be sure, I might have been as well that I entered it manually (but that is something i never do)... when typing, the first time you press in your keyboard SHIFT+6 it generates ˆ (to write things like ô) and only if you press space afterwards it transforms to ^.
So anyways, I recovered my Ether, and even a bit of REP! Good thing that I kept the wrong password just in case... I hope some other people have also luck recovering their accounts.

@arrchyy

This comment has been minimized.

arrchyy commented Jun 25, 2017

@Haxtro @diegopau thanks for sharing your stories here man! Really appreciate that :D

I generated my password using an algorithm of mine and it has a lot of symbols like '[]{}()]/>#! and maybe even tabs so I think it is probably the case that the password string underwent a transformation due to some needless char conversion from utf8 to a subset of it before being fed to aes128 for the encryption.

Also I fiddled with show password a bit before pressing enter (fucking hell I just wanted to confirm that what has been copied & pasted into the textfile is indeed my password).. so that can indeed be where the bug is.

@ihatecreatingaccounts

This comment has been minimized.

ihatecreatingaccounts commented Jul 15, 2017

i fucking hate ether, i didnt set a password, all my ether now locked up behind imaginary fuckshit

@arrchyy

This comment has been minimized.

arrchyy commented Jul 27, 2017

@ihatecreatingaccounts Chill. When you sign up for Ethereum, you should be fully aware of risks like this. The same problem occured to me too. I am not able to decrypt the encrypted private key though I'm pretty sure I copied and pasted the right password for the encryption. The important thing here is discussion, and maybe we can figure something out together. I want to get back the money I lost as well.

@Haxtro

This comment has been minimized.

Haxtro commented Jul 27, 2017

@account-archived-0 If you have a wide idea of the password and there's a significant amount of ETH in there, you know where to find me!

@sdiman

This comment has been minimized.

sdiman commented Jul 27, 2017

i got the same with this wallet! I have MacOS. and i generated strong pass

@sdiman

This comment has been minimized.

sdiman commented Jul 28, 2017

Solved it.I sent my money finally from this wallet. If you using Mac OS, and have similar problem, contact me in skype (steals88).
Im not sure about windows users

@evertonfraga evertonfraga added the v0.8.9 label Jul 28, 2017

@lkknguyen

This comment has been minimized.

lkknguyen commented Aug 25, 2017

Has anyone an update to this, my password has special / unicode characters such as +@!=ê (no space) and during the creation process I believe I copy/paste and show/hide password to check. Sent a few coins and now it doesn't work to get out, very frustrating. Need help. Use the same pw for 3 acc, main & 1st do not work, but 3rd does. Let me know if someone found any possible transformation bug during the password creation process.
(wallet version 0.8.10)

@lkknguyen

This comment has been minimized.

lkknguyen commented Aug 25, 2017

I've just unlocked this, anyone who has their password with ! on MacOS/Mist 0.8.10 (maybe same bug with other), try to write your pass on Mac TextEdit.app and paste to geth client .\geth account update 0x.... and see if it works.

Definitely a bug not on different charsets between MacOS apps e.g TextEdit / terminal Geth or Wallet client. Hope this help.

@diegopau

This comment has been minimized.

diegopau commented Aug 25, 2017

Can someone reopen this? To me it is clear that when using MacOS (not sure about other OS) and copying some specific unicode characters into the Mist password field, some of them get transformed into a different character. Please read my comment above.

@Haxtro

This comment has been minimized.

Haxtro commented Aug 25, 2017

@diegopau I've kinda given up on trying to get this bug fixed, I'm afraid they won't. Instead, just use MyEtherWallet, that'll do.

@kooweele

This comment has been minimized.

kooweele commented Dec 10, 2017

This MIST looks like an ETHER TRAP. I created a new account , typed in password , use "show password" to copy it into a NOTEPAD. After depositing some ether into this wallet, I am unable to send it anywhere else with the "wrong password" error!

This is SO ridiculously flawed.

@ihatecreatingaccounts

This comment has been minimized.

ihatecreatingaccounts commented Dec 11, 2017

@pavneet09

This comment has been minimized.

pavneet09 commented Dec 19, 2017

So I tried @lkknguyen way as I do have a '!' in my passphrase, however I use windows. I copied from Notepad where I had originally saved my passphrase but it still doesnt work.

I have the same passphrase for my main account and it works perfectly. I entered the same password for the second account yet it has a issue. I really don't want to lose out on the ether in that wallet. Is there any way around the special character issue ?

@shovrocks

This comment has been minimized.

shovrocks commented Jan 8, 2018

I have the same issue, I have the @ symbol on my pass and I can't access it.

I've read on #2077 that there is a tool called Ethcracker (used by @Haxtro), you put words and symbols associated with your password and it may recover it. But so far, I have not being able to pinpoint that specific tool, and the only thing I've found is this:
https://github.com/KarmaHostage/ethcrack/tree/1e0aafc6644b03686fdbb4d5827895410fe3b1d3

But I haven't found a way to make it work. Any ideas?

@Haxtro

This comment has been minimized.

Haxtro commented Jan 8, 2018

@shovrocks

This comment has been minimized.

shovrocks commented Jan 8, 2018

@Haxtro... Thanks!!! gonna try it right now, and will update soon hopefully with results.

@jeycreative

This comment has been minimized.

jeycreative commented Jan 15, 2018

@lkknguyen Thanks for your input on this. I am having the same kind of problem ( OS X and password containing "!". Could you maybe describe more in details how you were able to solve the problem. Was their any output change when pasted in the command line ? equal or more than 8 characters ? with maybe the exclamation point at the end ? Glad you were able to get your Money back 👍

@7iain7

This comment has been minimized.

7iain7 commented Jan 18, 2018

its possible @ got converted to %40 ect.. example is password was: pass@word try pass%40word
https://www.obkb.com/dcljr/charstxt.html
%21 ! Exclamation mark
" " %22 " Quotation mark
# %23 # Number sign
$ %24 $ Dollar sign
% %25 % Percent sign
& & %26 & Ampersand
' %27 ' Apostrophe
( %28 ( Left parenthesis
) %29 ) Right parenthesis
* %2A * Asterisk
+ %2B + Plus sign
, %2C , Comma
- %2D - Hyphen
. %2E . Period (fullstop)
/ %2F / Solidus (slash)
0 %30 0 0
1 %31 1 1
2 %32 2 2
3 %33 3 3
4 %34 4 4
5 %35 5 5
6 %36 6 6
7 %37 7 7
8 %38 8 8
9 %39 9 9
: %3A : Colon
; %3B ; Semi-colon
< < %3C < Less than
= %3D = Equals sign
> > %3E > Greater than
? %3F ? Question mark
@ %40 @ Commercial at

@jeycreative

This comment has been minimized.

jeycreative commented Jan 19, 2018

@7iain7 It crossed my mind too. I will generate some dictionaries this week to test this solution. And will post the results here. If successful we can easily create a rule to generate and recover those damn passwords. Best cracking to you all.

@Haxtro

This comment has been minimized.

Haxtro commented Jan 19, 2018

For a friend of mine I've been trying to crack his wallet for days, but found out that Mist simply replaced his "faulty" character for a space. Worth a try!

@lock

This comment has been minimized.

lock bot commented Apr 19, 2018

This thread has been automatically locked because it has not had recent activity. Please open a new issue for related bugs and link to relevant comments in this thread.

@lock lock bot locked and limited conversation to collaborators Apr 19, 2018

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.