This repository has been archived by the owner on Sep 5, 2020. It is now read-only.

"Wrong Password" Issues #3513

Open
wolovim opened this issue Jan 5, 2018 · 354 comments

@wolovim
Member

wolovim commented Jan 5, 2018

Description

For many people, creating an Ethereum wallet is the first time they'll be creating an "account" with no password recovery service. Mist and Ethereum Wallet have consistently had issues filed related to users being locked out of accounts. In the Mist UI, this is visible via a "Wrong Password" error notification when attempting to use a given wallet.

Fortunately, many of these issues are resolved by users remembering they had used a different password, or discovering they made a typo in their password, sometimes with the help of a brute force password recovery tool, like pyethrecover.

Unfortunately, many reports still exist with users certain of their password and unable to unlock their wallets. Many of these reports insist that the incident is the result of a bug in the application and we take those claims very seriously. Each of these reported issues has its own nuances as to how it occurred, e.g. moving wallets to another machine, wallet creation during onboarding, specific language keyboards, use of special characters, during Mist version upgrades, and so on. Every one is researched, and we try to reproduce it.

If you're in this situation, we know you're in a very stressful position and we haven't abandoned you. We do, however, need your help. If a bug exists, our team has been unable to reproduce it yet. If you are able to, it would be of tremendous help to us if you would share the precise steps you took and your relevant system specs (OS, keyboard language, app version number, geth version number).

Specific example links:

Related issues:

NOTE: please keep this issue substantive and don't comment to say "I'm having this problem too." Use your emojis instead, please 😄

@anormore

anormore commented Jan 8, 2018

Thank you for formalizing this problem, many of us are indeed stressed ;)

Unfortunately, I cannot recreate the situation, as I participated in the Pre-Sale event. I've got my ethereum_wallet_backup.json and my notepad document with password on it. It is a very simple password, yet has special characters as per the requirements of the presale.

I've been running every type of password cracker there is on this wallet. Currently heavily invested in Hashcat.

I suppose the big question I'd like answered is: Does this bug change the hash value because of the input error?

I would suspect it does. If a character such as ! doesn't get run as that, it would completely change the contents of my .json file to something different. Therefore, my Hashcat will never return as positive. My entire wallet file is now useless, isn't it?

Unless we can figure out what the ! character has become, then I can retry running my Hashcat with a formula.

Do you still have access to stage.ethereum.org's code? Is there a way we can reproduce the pre-sale problem? Sincerely,

@anormore

anormore commented Jan 8, 2018

Please reference this bug report, as you can see, it has existed for a long time with PreSale wallets.

#182

This was referenced Jan 8, 2018
@oldmate89

oldmate89 commented Jan 8, 2018

👍

@0x7969

0x7969 commented Jan 8, 2018

Hey, thanks for the heads up, is "wallet creation during onboarding" supposed to describe wallets that were created while nodes were still syncing? That's what I did and I've seemingly got the problem as well. I tried installing Mist on a rather old netbook which never managed to finish downloading all blocks (maybe not enough RAM). As the netbook was obviously too slow, I tried opening the keystore file with myetherwallet (there's not much on it, but still…), then noticing my password wouldn't work. Could it be because it hasn't finished syncing?

@funsh1ne

funsh1ne commented Jan 9, 2018

Hi Ethereum Team,
Thanks for giving us an official update.
@evertonfraga to help you gather info on #3539, my keystore files were created 6/16/2016 and 6/24/16. The password contained multiple special characters which has already been discussed as an issue. The last transaction I was able to send out from the wallet with the same password was 552 days 4 hrs ago. Hope this helps with identifying the problem.

Specs:
MacOS High Sierra 10.13.2, Keyboard Language: English, Running Ethereum Wallet 0.9.3 synced with light client.

@evertonfraga
Member

@funsh1ne would you please try this? #982 (comment)

@evertonfraga
Member

evertonfraga commented Jan 10, 2018

⚠️ ⚠️ Calling all users that can't access their accounts. ⚠️ ⚠️
Please help us get more structured information about your "Wrong password" issues.

https://goo.gl/forms/jznmHV6Fpui7Ijds1

@evertonfraga
Member

@anormore I'll try to find the presale wallet generator.

@frufru99

frufru99 commented Jan 10, 2018

I followed the instructions from the Google form and after 6 months I could unlock my account!! I used the geth account update method, I don't know if that's normal behavior or not, account 0 and 1 had the same address. But I'm sure it's not good to also have two separate keystore files for the one address, which I had. My password that didn't work inside the wallet unlocked one account here, I changed the password and after that I was able to send the coins from myetherwallet. Thanks for the help!

@anormore

I've been chatting over at the HashCat forums, where Philsmd has given a great amount of insight into this, from an outside perspective.

https://hashcat.net/forum/thread-7181-post-38590.html#pid38590

Here are the cliffnotes:

  • It is true some users reporting this issue have in fact found their password after all
  • If it is indeed Ethereum wallet generation that is bugged, there is no sense in running Hashcat / Ethcracker
  • If this is in fact the case, we should build a case study and determine a repeatable approach to creating the bug to understand it, after which, we can build a solution to solve it

Thanks @evertonfraga for digging that out. I'll spread the word about your Google Form.

@sebd-davra

sebd-davra commented Jan 12, 2018

Maybe the problem only happens when the funds have been transferred to the wallet, a rewrite of the UTC file ? Just an idea. The only thing I cannot reproduce is the money transfer and maybe cannot reproduce the issue because of this.

@evertonfraga
Member

evertonfraga commented Jan 14, 2018

@anormore have you tried importing from C++ ETH? What is the "version" of your keystore, as we can see on the issue below

Follow this issue: #2097

@anormore

anormore commented Jan 14, 2018

Well, I'll have a look -- but it's a PreSale wallet from August 2014. I've tried the Kraken presale importer, myEtherWallet with no luck. But I'm not really certain what tool will FOR SURE open my wallet. I'll check your solution in #2097

@anormore

I'm not sure how to proceed on determining version. Would you like me to submit a copy of my wallet to you?

@oldmate89

I too am having the same issue. I have tried on both MEW and Kraken. I was using an English (Australian) keyboard layout.

I will try importing on Geth, however my understanding of Go language is limited. Are there any detailed instructions available that anyone would recommend?

@evertonfraga
Member

evertonfraga commented Jan 15, 2018

A user managed to recover his password playing with different types of accentuation characters. Mind the differences between ^ and ˆ and consider it on your password recovery process.

From a Mac computer:

  • Shift + 6: ^
  • Option + i, Space: ˆ
> "^".charCodeAt(0)
> 94
> "ˆ".charCodeAt(0)
> 710

On Windows computers, I believe a similar result can be accomplished as:

  • Shift + 6, space
  • Shift + 6, [type the next, non-vowel character]

More info here: #2077 (comment)
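
The `^` versus `ˆ` difference described in the comment above can be made visible for a whole password. This is an added example, not code from the thread or from Mist or geth: `inspectPassword`, `lookalikeVariants` and the look-alike table are hypothetical names, and only the `^`/`ˆ` pair comes from the comment; the other pairs are assumed examples of the same kind.

```javascript
// Constructed table of visually similar characters. Only ^ / ˆ is taken from
// the comment above; the remaining pairs are assumptions added for illustration.
const LOOKALIKES = new Map([
  ["^", "\u02C6"], // CIRCUMFLEX ACCENT vs MODIFIER LETTER CIRCUMFLEX ACCENT
  ["~", "\u02DC"], // TILDE vs SMALL TILDE
  ["'", "\u2019"], // APOSTROPHE vs RIGHT SINGLE QUOTATION MARK
  ['"', "\u201D"], // QUOTATION MARK vs RIGHT DOUBLE QUOTATION MARK
]);
const REVERSE = new Map([...LOOKALIKES].map(([ascii, other]) => [other, ascii]));

// UTF-8 bytes are what a key-derivation function actually receives.
function utf8Hex(s) {
  return Array.from(new TextEncoder().encode(s), (b) =>
    b.toString(16).padStart(2, "0")).join(" ");
}

// One row per character: code point, UTF-8 bytes, and whether it is a
// non-ASCII look-alike of an ASCII character.
function inspectPassword(pw) {
  return Array.from(pw, (ch, index) => {
    const cp = ch.codePointAt(0);
    return {
      index,
      char: ch,
      codePoint: "U+" + cp.toString(16).toUpperCase().padStart(4, "0"),
      utf8: utf8Hex(ch),
      ascii: cp < 0x80,
      lookalikeOf: REVERSE.get(ch) ?? null,
    };
  });
}

// Every spelling of pw in which look-alike characters are swapped for their
// counterpart, excluding pw itself. Capped because the count doubles per position.
function lookalikeVariants(pw, maxPositions = 8) {
  const chars = Array.from(pw);
  const positions = chars
    .map((ch, i) => (LOOKALIKES.has(ch) || REVERSE.has(ch) ? i : -1))
    .filter((i) => i >= 0);
  if (positions.length > maxPositions) {
    throw new RangeError("too many swappable positions");
  }
  const out = new Set();
  for (let mask = 1; mask < (1 << positions.length); mask++) {
    const copy = chars.slice();
    positions.forEach((pos, bit) => {
      if (mask & (1 << bit)) {
        copy[pos] = LOOKALIKES.get(copy[pos]) ?? REVERSE.get(copy[pos]);
      }
    });
    out.add(copy.join(""));
  }
  return [...out];
}

// Constructed sample: a password that was typed with the dead-key circumflex.
console.table(inspectPassword("Tr\u02C6e~1"));
console.log(lookalikeVariants("Tr\u02C6e~1"));
```
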

@SasaETH

SasaETH commented Jan 15, 2018

Hello,
About one year ago I installed wallet version 8.1 and the blockchain was about 120 GB. I made a password and wrote it on paper. Also I transferred 1 ETH into the wallet and with that password I sent it back to my Poloniex account. Everything was great and successful. After that I made several transactions in my wallet and everything is visible on the blockchain. After a few months I bought a new laptop and installed the wallet again with my wallet key. Now when I try to transfer my ETH to any exchange I get a message that the password is wrong.
I see that my blockchain is about 23 GB now. Can that be the problem? If that is the problem, how do I get the blockchain with 120 GB?

@Petachok13

Since April 2016, I can’t log into my eth wallet, 1400 ETH is stuck, and mist and geth cannot be run that time!

what characters did you use in the password ???? maybe @ and what is the password language?

@Metatronovich

Since April 2016, I can’t log into my eth wallet, 1400 ETH is stuck, and mist and geth cannot be run that time!

what characters did you use in the password ???? maybe @ and what is the password language?

I actually have a locked eth wallet with the "@" character in it.. is there a known problem with that?

@Petachok13

I actually have a locked eth wallet with the "@" character in it.. is there a known problem with that

I have the same problem. I read a lot of forums. There are people who claimed that the correct password does not fit, but then it turned out that they used incorrect data. But there are also reports that the @ sign may cause a problem (but there is NO evidence). It was also written on this forum that the dot is sometimes ignored. A couple of days ago they wrote that the \ character also causes some problems. Have you tried typing typos in the password? How many characters do you have ???

@Petachok13

Since April 2016, I can’t log into my eth wallet, 1400 ETH is stuck, and mist and geth cannot be run that time!

what characters did you use in the password ???? maybe @ and what is the password language?

I actually have a locked eth wallet with the "@" character in it.. is there a known problem with that?

and I myself discovered that if you use the console (cmd) and copy the password in English, but at this time the system language will be French, for example, then the French version of the password will be inserted into the console !!! although I'm copying English characters

@frozeman
Contributor

frozeman commented Jun 26, 2019 via email

@Metatronovich

Since April 2016, I can’t log into my eth wallet, 1400 ETH is stuck, and mist and geth cannot be run that time!

what characters did you use in the password ???? maybe @ and what is the password language?

I actually have a locked eth wallet with the "@" character in it.. is there a known problem with that?

and I myself discovered that if you use the console (cmd) and copy the password in English, but at this time the system language will be French, for example, then the French version of the password will be inserted into the console !!! although I'm copying English characters

Do you mean the whole password will be different? or just the special character in french that replaces "@" on your keyboard?
I actually have another language installed on the computer..

@Petachok13

Petachok13 commented Jun 26, 2019

Do you mean the whole password will be different? or just the special character in french that replaces "@" on your keyboard?
I actually have another language installed on the computer..

I say that I opened GET, copied the password into it - Qwerty, the keyboard language was NOT English. Despite the fact that I copied the English characters, the password was transferred to GET from the characters of the language that was currently the default on my system. I discovered this by creating accounts with a password that I already know. The characters @ and others are not related to the problem described above (but users claim that they used them, in the accounts they have lost access to)
Therefore, if your account was created via GET, then download it, run it and use the command

  • geth - unlock 0x **************** password.
    You may have tried this method, and it did not work simply because the copied password contained characters of the language, which at the moment was not the default language in Windows.
    P.S. I do not have programs that automatically change characters, the keyboard layout, and so on. But in GET the password is NOT copied, but replaced by the characters of the layout that is currently used in Windows.
    I tried 5 times, creating different accounts.
    Windows 10

@Petachok13

Do you mean the whole password will be different? or just the special character in french that replaces "@" on your keyboard?
I actually have another language installed on the computer..
Also, if you know the password, have you tried to sort through all possible typos with brute force ???

@Metatronovich

Do you mean the whole password will be different? or just the special character in french that replaces "@" on your keyboard?
I actually have another language installed on the computer..

I say that I opened GET, copied the password into it - Qwerty, the keyboard language was NOT English. Despite the fact that I copied the English characters, the password was transferred to GET from the characters of the language that was currently the default on my system. I discovered this by creating accounts with a password that I already know. The characters @ and others are not related to the problem described above (but users claim that they used them, in the accounts they have lost access to)
Therefore, if your account was created via GET, then download it, run it and use the command

  • geth - unlock 0x **************** password.
    You may have tried this method, and it did not work simply because the copied password contained characters of the language, which at the moment was not the default language in Windows.
    P.S. I do not have programs that automatically change characters, the keyboard layout, and so on. But in GET the password is NOT copied, but replaced by the characters of the layout that is currently used in Windows.
    I tried 5 times, creating different accounts.
    Windows 10

So to try my known password while on the second language(not english) and copy+paste that?
Unfortunately I already tried that and it didn't work (if that's what you meant)

Tried brute force as well

@artstr1

artstr1 commented Jun 27, 2019

Since April 2016, I can’t log into my eth wallet, 1400 ETH is stuck, and mist and geth cannot be run that time!

what characters did you use in the password ???? maybe @ and what is the password language?

No(

@Petachok13

Since April 2016, I can’t log into my eth wallet, 1400 ETH is stuck, and mist and geth cannot be run that time!

what characters did you use in the password ???? maybe @ and what is the password language?

No(

Tell your password, for the sake of interest and example. And did you beat brute force to the password?

@artstr1

artstr1 commented Jun 27, 2019

Since April 2016, I can’t log into my eth wallet, 1400 ETH is stuck, and mist and geth cannot be run that time!

what characters did you use in the password ???? maybe @ and what is the password language?

No(

Tell your password, for the sake of interest and example. And did you beat brute force to the password?

Give your contacts mail or telegram

@Petachok13

Since April 2016, I can’t log into my eth wallet, 1400 ETH is stuck, and mist and geth cannot be run that time!

what characters did you use in the password ???? maybe @ and what is the password language?

No(

Tell your password, for the sake of interest and example. And did you beat brute force to the password?

Give your contacts mail or telegram

Amozon@protonmail.com

@msrkp

msrkp commented Jan 30, 2020

Is anybody successful in cracking their presale wallet ? Good amount of ETH is stuck in my account.

@anormore

No, Eth will not release their PreSale wallet web side generator, so we cannot debug it. For all we know it is intentional. Your Eth is GONE. Sorry. ~249.9 Eth :(

@msrkp

msrkp commented Jan 30, 2020

Man, it's a very big amount, ~15k ETH

@anormore

~15,000 ETH down the tubes bro. Sorry. 1% chance of recovery.

@msrkp

msrkp commented Jan 30, 2020

I don't know why they are not open sourcing the application which was used during presale.

@anormore

Don't know either. Go ahead and try to cause an alarm about it, but you'll be ignored. Tinfoil hat time bro.

@anormore

If you dig in this thread, you will see I PROVE their account generation logic is able to be broken. Never acknowledged, never fixed. Not even in presale, in regular software.

@msrkp

msrkp commented Jan 30, 2020

Hey @evertonfraga ,

Is there any issue in open sourcing the pre sale web application? Can you please open source it so that we can generate password permutations according to the application. If a bug is really there we can try other password possibilities.

@watcherwall

I have long followed this thread because I am in a similar situation. 2000 ETH stuck in a presale wallet. Very disappointing overall. Participated in the Google Doc a while back; heard no follow up. @AndyNormore is, I think, appropriately abrasive given the number of people left in the lurch on this.

What is the reason behind not releasing the specs of the presale web app? Would doing so represent a threat to another Ethereum component, or do you guys just not have access to it any longer?

@philsmd
Contributor

philsmd commented Jan 31, 2020

@watcherwall the web app was mentioned above: #3513 (comment)

You can easily see the whole code at archive.org (and github, see link below), I also explained some steps how to generate new wallets with that code above.
see https://web.archive.org/web/20140824160837/https://www.ethereum.org/
https://web.archive.org/web/20140824160929js_/https://www.ethereum.org/scripts/app.min.js

https://github.com/ethereum/www/tree/514c99663ebd5b276652ee1be377e560a092fbbf
etc

@watcherwall

@philsmd Thank you for the prompt response. I'll take a walk through this morning.

@anormore Your thoughts?

@anormore

anormore commented Feb 1, 2020

@watcherwall Ethereum is a bugged software and your coins are gone bro. If you look somewhere above, I PROVE that you can generate busted wallets. Literally no response from @philsmd or acknowledgement. I gave up on this years ago.

@msrkp

msrkp commented Feb 3, 2020

Hey @philsmd ,

I've tried all the possibilities of the passwords I use, but I am not successful in that. Is it possible to crack the PBKDF2-HMAC-SHA256 with plain brute-force using printable characters and I am ready to spin up the vms in cloud with max computation power, I noticed we can reach max of 616.6 kH/s.

@philsmd
Contributor

philsmd commented Feb 3, 2020

@anormore I think this is a huge misunderstanding/mix-up/misconception: I have nothing to do with ethereum and these projects (geth or mist). I'm not a holder of eth, nor do I work for any of these foundations etc... I just got interested in this "problem" a while ago, because there were a LOT of users in the hashcat (the password cracker) forum and github issues that were very eager about hashcat developers to implement the "Ethereum algorithms" to recover their password because of the so-called "the Ethereum bug" (I remember that a lot and it got quite annoying/toxic, because hashcat has also nothing to do with this problem besides now supporting the algorithms).
I also think it makes no sense to blame any single person for a problem, because it doesn't make the problem magically disappear (nor make the problem any better etc). I think if you search for help you should probably look at the people that work for the ethereum foundation or help(ed) code the projects (like this list: https://github.com/orgs/ethereum/people etc)... but again, I wouldn't say anyone in that list is really the one that is the culprit for the problem/bug etc....

We also saw a lot of different problems and we also need to admit that when searching for related problems, there were also a lot of user-introduced problems/misunderstandings/misconceptions. Like users that didn't believe that they set any password, but later found out that they stored the password in a .txt file or password manager etc. There are so many different cases and probably a lot are PEBCAK (but I also believe, and kind of proved with my discoveries above, that not every problem 100% is a user-only problem).

Maybe you mixed-up @philsmd with @PhilippLgh , but I think that's also not a good idea to blame somebody that maybe didn't really work with ethereum for a long time or this project especially. We should actually stick to some new findings/discoveries, instead of blaming a single person for a problem he/she isn't really responsible or at least is not her/his fault.

I don't feel like I need to acknowledge anything here, I don't work with ethereum, I have more or less nothing to do with this (except for implementing some hashcat cracking code for recovering ethereum passwords etc).
I think you (@anormore) are referring to this discovery (#3513 (comment) , btw: you should always link it otherwise it's very confusing what exactly you mean, because this is already a very long github issue thread and we had a lot of very interesting/nice discoveries so far)... The problem with this discovery is that it's probably quite rare that users try to input newlines within a one-line-only password field... normally such things are not even possible... as we found out above, the newline is just replaced by a space, so that is quite easy to test... but I think it's very, very rare that users try to paste multiple lines within a one-line password field.... that's quite a silly thing to do.
Nevertheless, of course users can/should try to append/prepend spaces to their password, just in case something like this really would unlock their wallet.

@51r1u5 unfortunately password cracking (normally) doesn't work like this... if the hash (password verifier/checksum) was generated/hashed with a very specific algorithm, you also need to use that algorithm to test if the password is correct. you can't just use raw SHA256 instead of highly iterated PBKDF2-HMAC-SHA256, just because it internally uses some kind of sha256... there are many other examples like this (md5crypt can't be cracked with just md5, just because the name includes a "md5" substring etc etc etc)... If the algorithm is different, you need to use that specific algorithm in general (of course in general and as a very, very, very, very rare exception there could be some cryptographic flaws within the algorithm itself, but that would be a scandal and of course nobody would use the "correct algorithm" if there exists a shortcut and of course as far as I know there is no way to use a different and/or faster password recovery attack than the one already implemented in a lot of password crackers).
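
The two points in the comment above (a verifier can only be checked with the exact algorithm that produced it, and a pasted newline that became a space changes the password) can be shown with Node's built-in `crypto` module. This is an added example, not code from the thread, from hashcat, or from any Ethereum project: the record layout, salt, iteration count and sample password are constructed for the demonstration and do not describe a real wallet format.

```javascript
const crypto = require("crypto");

// Constructed demo parameters; they are not taken from any real wallet format.
const SALT = Buffer.from("constructed-demo-salt", "utf8");
const ITERATIONS = 10000;
const CIPHERTEXT = Buffer.from("constructed ciphertext bytes", "utf8");

// PBKDF2-HMAC-SHA256: the password's exact UTF-8 bytes go through every iteration.
function deriveKey(password, salt, iterations) {
  return crypto.pbkdf2Sync(Buffer.from(password, "utf8"), salt, iterations, 32, "sha256");
}

// Hypothetical record layout: verifier = HMAC-SHA256(derivedKey, ciphertext).
function makeRecord(password) {
  const key = deriveKey(password, SALT, ITERATIONS);
  const verifier = crypto.createHmac("sha256", key).update(CIPHERTEXT).digest();
  return { salt: SALT, iterations: ITERATIONS, ciphertext: CIPHERTEXT, verifier };
}

function matches(key, record) {
  const v = crypto.createHmac("sha256", key).update(record.ciphertext).digest();
  return crypto.timingSafeEqual(v, record.verifier);
}

// Correct check: same KDF, same salt, same iteration count as at creation time.
function checkPbkdf2(candidate, record, iterations = record.iterations) {
  return matches(deriveKey(candidate, record.salt, iterations), record);
}

// The shortcut that cannot work: one raw SHA-256 instead of iterated PBKDF2.
function checkRawSha256(candidate, record) {
  const key = crypto.createHash("sha256")
    .update(Buffer.from(candidate, "utf8")).update(record.salt).digest();
  return matches(key, record);
}

// Models the behaviour reported in the thread: a pasted newline ends up as a space.
function asStoredFromPaste(pasted) {
  return pasted.replace(/\r?\n/g, " ");
}

// Whitespace variants of a remembered password, as the comment suggests trying.
function whitespaceCandidates(pw) {
  return [pw, pw + " ", " " + pw, " " + pw + " "];
}

function demo() {
  // Constructed input: the password was pasted with a trailing newline.
  const record = makeRecord(asStoredFromPaste("correct horse\n"));
  return {
    remembered: checkPbkdf2("correct horse", record),
    hits: whitespaceCandidates("correct horse").filter((c) => checkPbkdf2(c, record)),
    rawSha256: checkRawSha256("correct horse ", record),
    wrongIterations: checkPbkdf2("correct horse ", record, ITERATIONS - 1),
  };
}

console.log(demo());
```
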

@karalabe
Member

karalabe commented Sep 5, 2020 via email

@ethereum ethereum deleted a comment from pie5Aequ Sep 5, 2020
@ethereum ethereum deleted a comment from watcherwall Sep 5, 2020