Password Wrong

[heffaycop]

This is a ridiculous problem. I KNOW what my password is. But just to be sure, I've entered every possible variation of every password I use for anything. Still nothing. I'd really like access to my ether. Can anyone help???

<!--

Check the already existing issues to keep duplicates at a minimum.


You'll find possible solutions for these common issues below on Mist Wiki: https://github.com/ethereum/mist/wiki.

- Ether is not shown in the wallet
- I send ether to the wallet contract but it doesn't show up
- Mist is synchronized but is stuck during the last part
- "Your computers time is out of sync!" error
- Unable to find peers
- My transaction is not confirmed
- Account can't be unlocked
- Unable to import pre-sale wallet
- Bind address already in use


When creating this issue, if possible add the following to your report:
- Screenshots
- Check the console, of Mist (`CTRL/CMD + ALT + i`) and take a screenshot
- Log files
  - go to `menu -> accounts -> backup -> application data`
  - zip and upload `node.log` and all other `node.log.X` files

 -->

[andirayo]

I have the same issue and after searching the internet, this seems to be a recurring issue of many users of Ethereum Wallet. I installed the Ethereum Wallet v0.7.4 around June 9th 2016 and invested in Ethereum using Shapeshift.io (BTC -> ETH).
Now, over a year later I want to access and move my ETH. I have no problem moving the ETH of my "Account 1", but when trying to move my ETH from the "Main Account (Etherbase)" I get the "Wrong Password" problem. I always use the same password for Ethereum and it makes no sense, that I would use different passwords for my two accounts. I also already tried ~900,000 combinations of typos of my password using pyethereum with no success.
I strongly believe, that the problem is somewhere else. What could have happened, when I started my Ethereum Wallet in June 2016? Is it possible, that the "Main Account (Etherbase)" gets set up with a default or a random password? Please help, I exhausted all options, that I could think of.

As a side note: It is incredibly annoying -for over a year- to see your Ether in your wallet, thinking everything is fine, only to be asked for a password a year later when you finally want to move those Ether. This is silly design! Ask for the password on every start of the Ethereum Wallet - that makes so much more sense... also from a security point of view, making sure, that users don't forget their password.

Additionally: I tried to reproduce the problem downloading the v0.7.4 that I used in the past, but that version does not successfully start and apparently cannot connect to a Node/server.

[Twinfin]

I have the EXACT same issue here. I have backed up the Keystore file & password. I've diligently synced the chain and upgraded the software and seeing the ETH in my wallet (Etherbase) thinking they are safe. Now that it's time to move them to my Ledger the password fails. I'm more than sure I've used the right password and tried every variation to no avail. Apparently there's a ton of folks out there with the same problem, so is there no workaround to solve this issue by now?
Plz advise..
TIA

[theetera]

I also have the same problem with " Wrong password" issue. I have 4 accounts which used to be :
Account 1 ( Main account ) and Account 2,3,4.
When I just update the lastest Mist and Wallet version 0.9.2. The Account showed as :
Main account and Account 1,2,3.

Only the last account have problem with " Wrong password" even I use only 1 password for all accounts. There must be some hidden problem for sure.

Only in the last account I have some hundreds ETH ( and 0.01 OMG for trial transaction ) in there.
I search for solutions intensively all night, even try to use ethercrack but I can't do the coding things, ... Always "wrong password" until now, feel desperate.

[JacoBooster]

Same here, this really is a major issue. I cannot recall that I have to fill in a password, but if I have to all fill it in I always use the same logic with with my passwords. So something is very wrong here. In the dozens of logs on this I understood the issues is with special characters, that it stores it differently then what you type. I used the @, no clue what it translates too. Surely, there must be some programmer of the wallet to sort this out? Really frustrating, as I see the other logs we are talking about serious amounts of money being wasted here... Can't there be a massive reset of passwords done? I rather have it hacked then not being able to touch it...

[andirayo]

I also use the @-symbol in my passwords, so if that could be the issue for the password-problem, what possibilities are there, that the @-symbol could have been replaced by in the password?
Let's assume my password is Ab@34 - what passwords should I try to access my wallet with?

[alxlv]

I have the same issue with my 0.9.2 wallet. I used to work with v0.8.9 starting May 2017 and never set up the password for creating main ethereum account and now it's completely blocked.

[JacoBooster]

Incredible. This is pure robbery... How is it possible that everyone here (including myself) is absolutely sure they didn't set a password and that suddenly there is a password on the wallet. How can we fix this?

[alxlv]

I suggest unencrypted private key was created by old Mist <= 0.8.x and no password confirmation (for creation of encrypted private key in keystore) occured. I'm completely sure there was not any password confirmation. It's still possible to unlock the wallet with using unencrypted private key in myetherwallet.com. But if u did not backup the unencrypted key or password your account is completely locked (or u can use brute force method to get password value, yep, madness). So if I'm right a lot of people who started to use old Mist wallet may lost assets after moving from old version to new one. And I did not find any clarification from developers what can we do in this situation (suicide? hard fork?).

[andirayo]

Hi Alex, what do you mean by "It's still possible to unlock the wallet with using unencrypted private key in myetherwallet.com."?
Is it possible to install an old version of the wallet in order to get access?

[alxlv]

Hi andirayo, it's not possible. But if u have saved unencrypted private key than u are able to transfer assets from your account using https://www.myetherwallet.com/#send-transaction (private key option). If not there are no good news for u. After investigation I decided to brute force my password with https://hashcat.net/hashcat/ tool. It supports ethereum wallet scrypt algorithm but the process is really slooow with my GeForce 1060 video card. Folks talking the AMD Ryzen 1700/1800 with 8 cores (16 threads) shows better performance than most of video cards but that's another story. Also I found the service that helps people to break ethereum password for 20% regard, I suggest they use mining rigs and hashcat tool. So it can work especially if u remember part of password. In case of bugs in wallet software may be the community should help us to provide access to mining power for breaking passwords (yep, it's utopia). Or we should wait for quantum computers that break passwords fast.

[alxlv]

Also we can unite into 'The League of Lost Password' and share our computer resources to break passwords. I will try the solution https://github.com/s3inlc/hashtopussy that provides distributed password recovery based on hashcat.

[andirayo]

@AlexLevshin: ok thanks, now I understand your comment about the "unencrypted private key".

[andirayo]

Good news from/for me: After months of not having access to my Ethereum/Mist Wallet and starting to mentally give up on my Ether, I was able to gain access yesterday.
After checking 47 million passwords, I was able to find the password, that my wallet-file was encrypted with. Incredibly, I had apparently mis-typed one letter ("i" instead of "e"), even though, I used the "correct" password (without typo) for my 2nd wallet, that I had created only minutes later.
I was able to find my password by using pyethereum (https://github.com/ethereum/pyethereum) and a self-written script, inspired by https://github.com/danielchalef/pyethrecoverv3 and https://github.com/burjorjee/pyethrecover.

Step 1: I created a list of all password-parts, that I had ever used for anything.
Step 2: By combining the password-parts in any thinkable way, I created a list of 47,372 passwords, that I could have used as passwords for my Ethereum wallet.
Step 3: For every password, I created all possible typos and other thinkable issues (e.g. caps-lock-key on, omit any character, replace any character by any other character, swap characters, replace special characters by special character encodings, duplicate letters, add spaces, and so on).
Step 4: I cleaned the list (removing passwords < 10 characters, removed duplicates). After step 4, I ended up with over 47 million possible passwords.
Step 5: I checked all 47 million possible passwords by parallel executing my script on the 48 cores (Xeon E5-2690 v3 @ 2.60GHz) of my machine. The speed was about 1.9M passwords/day.
I hope, this inspires some of you to also find your lost password!

[alxlv]

@andirayo, Lucky u! Great news! Yep, I'm moving in the same direction - creation of passwords list. Byt your cracking speed is awesome! The GPU hashcat shows very slow speed ~10-13 passwords/s. I will try hashtopussy solution on couple Ryzen 7 cpus against gpu. Also I tried to run hashcat on cluster of raspberry pi boards but there is no ARM build. Can u share your self written script?

[JacoBooster]

@andirayo, that sounds great. I am not a real techy guy, but maybe I can figure it out ;-) Can you explain a bit more where and how you run those scripts?

[JacoBooster]

5 ETH reward for the one who solves it ;-)

[alxlv]

@JacoBooster You can try wallet recovery service (I do not want to put the link here because did not use the service). They have 100 8 cores machines in Amazon cloud so it's possible to break the password less than life time, especially if u have extra information about it: length, some symbols and so on. The price is 20% of wallet value. I suggest we can share our computing resources to help each other. Technically it's possible.

[JacoBooster]

Thanks @AlexLevshin, I will try that. Better something then nothing...

[alxlv]

@madebyivan, I think it's crucial bug in old wallet version but I did not find any explanations or comments from developers that may bring light on issue. Now the brute force attack is only the option to find our passwords and wallet's creators could not help us - this is math. But they could describe the algorithm generation of default password, if it was set randomly than what the length is or which symbols are being used. It may help us a lot in brute force attack. I do not understand why they completely ignore the problem. May be they hide the huge security hole in software that can lead to massive wallet hacks.

[madebyivan]

I think it's going from one version to another, it's as if they had several types of encrypted / decrypted, in both versions, you get on your website and download the wallet, then the update poster, just open the app I already thought it was weird, but I say, well nothing happens, I'm an unhappy ...

I remember perfectly saying after I put the password, I gave the skip, skip, skip, then it was hung, I returned it open and I had the account created, at some point it does, I'm trying to replicate it, if they are created by default that we tell how is that password that generates, length, symbols, alphanumeric ?? I do not want to be bad thought but it seems that this fact wanting ... people do not know it and also will happen to them, I have more than 300 passwords in 1password, I have never had any problem with my passwords, ever! I've been in the computer for 20 years, do not make me believe that I've put a punch in my hand, I did not put it on !!!!

Then it seems rude to me that I only ask for the password when trying to get out, but when I enter nothing ... Or because I do not ask for it when I start the program, it seems that I want to do it, but I repeat I do not want to be badly thought!

People have to know, this is a scam !!!

Maybe the business model of this currency is that ... find the password, like https://walletrecoveryservices.com

One solution would be to be able to move money from one account to another without a password if you are on the same computer, but seeing that they wash their hands, the only way we can do something is to unite all users and make it public!

[JacoBooster]

Totally agree, as I said earlier this is pure robbery. Lets unite!

[alxlv]

@madebyivan, I completely agree with you because I'm security paranoid too and store all my passwords for the last 10 years. Specially for working with crypto-currencies I installed Qubes OS and do not have any troubles with other cryptos. It's not possible to implement transfers between wallets on the same computer without password because of the nature of blockchain technology. May be the hard fork can revert transactions but it's also look absolutely unlikely and not solve all the issues. For now we should know more about default password algorithm and try to break them. We can unite into community and share our computing resources to increase the time of cracking. And of course receive some comments from developers. They should double check and investigate the problem more deeply!!!

[elpollitodiablo]

I am having this issue, too. I could circle my problem to a special character which I was using in my Password: ß. Do the following:

geth attach
personal.newAccount()

use passphrase FusRoDah
0xAccountA is created (replace 0xAccountA with hash)

personal.newAccount()

use passphrase FußRoDah
0xAccountB is created (replace 0xAccountB with hash)

Run this:

personal.unlockAccount('0xAccountA', 'FusRoDah')
true

and then

personal.unlockAccount('0xAccountB', 'FußRoDah')
Error: could not decrypt key with given passphrase

My setup: Windows 10 64-bit - CMDER (PowerShell produces the same error)

instance: Geth/v1.7.2-stable-1db4ecdc/windows-amd64/go1.9
modules: admin:1.0 debug:1.0 eth:1.0 net:1.0 personal:1.0 rpc:1.0 txpool:1.0 web3:1.0

Mist version 0.9.3 won't let me do any transactions, which lockes my wallet.

EDIT: I forgot: I tried screwing with the encoding of the ß. Things I've tried replacing it with: �, ß and nothing/removing it

[alxlv]

@elpollitodiablo

Is it correct code snippet?
personal.unlockAccount('0xAccountA', 'FußRoDah') Error: could not decrypt key with given passphrase
You create the 0xAccountB with password 'FußRoDah' not 0xAccountA.

[elpollitodiablo]

Yes, you're right, I'm sorry. I edited my comment

[theetera]

Just to update my case, after a month of keep trying to put coding things which I can't do well
and guess all possibility of my passwords including all kinds of typo errors.
finally I'm able to unlock my account.
It's my typographic error accidentally happened only with this wallet account.
Thank you to all shared info here.

[evertonfraga]

Duplicate of #2411.

[Creator77]

We faced the similar issue with Mist 093 and Geth 173.
Password was long but has only one symbol - dot. Like "AbC1.1CbA". After investigation and several tests we found out that all password part after dot(and dot too) was simply ignored. And the correct password was "AbC1". Hope it helps to unlock several "Wrong password" accounts.
If it helps, You could say "thank you" here:
0x0e059f27e20d6799d099720b27b21a7eccb1ad96

[madebyivan]

You could enable move the money from one account to another in the same wallet if you are on the same computer without a password? this would be a great solution for all!!!!

[JamesDall]

@madebyivan, sadly that would be impossible to do as every account is separate, and passwords are used to encrypt the private key, so cannot be changed by anyone if lost, not even the CIA.

[wolovim]

I'm unable to reproduce @elpollitodiablo or @Creator77 's scenarios on mac or windows 10 VM with geth 1.7.2 or 1.7.3. I'm trying everything to reproduce this issue - if you guys are able to do so again, please document the steps to the best of your ability and share them 🙏

[j12342]

Same issue I was never asked to create a password. Did have trouble syncing initially but when I did I could see my balance but not transfer as I dont know the PW as I never set one. have tried all of my usual pws.

[wolovim]

Closing this issue in favor of #3513. If you're able to reproduce any related bug, please help us out by documenting the detailed steps in that issue. Thanks!

[evertonfraga]

Hi @Creator77, I'm very interested in your case.

Once you managed to have access to your keystore, would you be willing (after moving all assets to another account) to provide me the private key and intended + working password?

I couldn't reproduce your description after many tries — and @marcgarreau as well.

E-mail me at: ev [at] ethereum [dot] org.

[ontheronix]

@elpollitodiablo Have you tried personal.unlockAccount('0xAccountB', 'Fu'), like @Creator77 suggests?

[lock]

This thread has been automatically locked because it has not had recent activity. Please open a new issue for related bugs and link to relevant comments in this thread.