|
Message-ID: <20171217143420.GA20976@lonestar> Date: Sun, 17 Dec 2017 20:04:20 +0530 From: Dhiru Kholia <dhiru.kholia@...il.com> To: john-users@...ts.openwall.com Cc: uber90ayear@...il.com Subject: Re: Password from salted Hash, Make a $500 before christmas On Fri, Dec 15, 2017 at 04:35:49PM -0800, Thomas Meyers wrote: > I need to get a password out of a salted hash. I think I know the > first 7 letters and I think it is only 10 letters long. > > I bought some B2BX tokens during an ICO. When I bought them I was > prompted to enter a password, which I did. I was then given a JSON > file, which I have. Now the ICO is complete and the tokens have been > added to a (www.myetherwallet.com). If you follow that link, at the top > of the page you will see "Send Ether & Tokens", press that. Those are > the options to open the wallet. The only option I can use is > "Keystore / JSON File". The problem is I don't have that password. Hi, Just to recap, once I visit https://www.myetherwallet.com/#send-transaction, I see an option "Keystore / JSON File" for the "How would you like to access your wallet?" question. Clicking on this option allows me to upload my MyEtherWallet format wallet, and I am prompted for a password with a "Your wallet is encrypted. Good! Please enter the password." message. My test wallet's name is "UTC--2017-12-3229e9dd6205edb1638fec28843d", and its contents are, --- { "version": 3, "id": "XXXaa9-7afc-41aa-be8f-0a803fdca0e9", "address": "XXX3043a7d3229...", "Crypto": { "ciphertext": "XXX5ba65dec4d32...", "cipherparams": { "iv": "7XXX21a3246f59bb722ab5acd54" }, "cipher": "aes-128-ctr", "kdf": "scrypt", "kdfparams": { "dklen": 32, "salt": "XXXab9e48297c413e10..", "n": 1024, "r": 8, "p": 1 }, "mac": "XXX102ae63" } } --- Does your JSON wallet file have similar contents in it? Are you able to make sure that your JSON file is a MyEtherWallet format wallet file? If yes, you can use ethereum2john.py to extract a "hash" out of this JSON wallet file. Then you can john for cracking the extracted hash. $ ../run/john --test --format=ethereum # i7-6600U Will run 4 OpenMP threads Benchmarking: ethereum, Ethereum Wallet [PBKDF2-SHA256/scrypt... AVX2] Speed for cost 1 (iteration count) of 1024 Raw: 1587 c/s real, 432 c/s virtual If not, how does your JSON wallet file look like? Posting the structure of the JSON wallet file without including any of its contents is safe. > Is it possible to give a hacker just the salted hash out of the JSON > and let them try to extract it? Please do *not* share your extracted hash with anyone you don't trust. -- Dhiru
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.