Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <20171217143420.GA20976@lonestar>
Date: Sun, 17 Dec 2017 20:04:20 +0530
From: Dhiru Kholia <dhiru.kholia@...il.com>
To: john-users@...ts.openwall.com
Cc: uber90ayear@...il.com
Subject: Re: Password from salted Hash, Make a $500 before
 christmas

On Fri, Dec 15, 2017 at 04:35:49PM -0800, Thomas Meyers wrote:
> I need to get a password out of a salted hash. I think I know the
> first 7 letters and I think it is only 10 letters long.
>
> I bought some B2BX tokens during an ICO. When I bought them I was
> prompted to enter a password, which I did. I was then given a JSON
> file, which I have. Now the ICO is complete and the tokens have been
> added to a (www.myetherwallet.com). If you follow that link, at the top
> of the page you will see "Send Ether & Tokens", press that. Those are
> the options to open the wallet. The only option I can use is
> "Keystore / JSON File". The problem is I don't have that password.

Hi,

Just to recap, once I visit https://www.myetherwallet.com/#send-transaction,
I see an option "Keystore / JSON File" for the "How would you like to
access your wallet?" question.

Clicking on this option allows me to upload my MyEtherWallet format
wallet, and I am prompted for a password with a "Your wallet is
encrypted. Good! Please enter the password." message.

My test wallet's name is "UTC--2017-12-3229e9dd6205edb1638fec28843d",
and its contents are,

---

{
    "version": 3,
    "id": "XXXaa9-7afc-41aa-be8f-0a803fdca0e9",
    "address": "XXX3043a7d3229...",
    "Crypto": {
        "ciphertext": "XXX5ba65dec4d32...",
        "cipherparams": {
            "iv": "7XXX21a3246f59bb722ab5acd54"
        },
        "cipher": "aes-128-ctr",
        "kdf": "scrypt",
        "kdfparams": {
            "dklen": 32,
            "salt": "XXXab9e48297c413e10..",
            "n": 1024,
            "r": 8,
            "p": 1
        },
        "mac": "XXX102ae63"
    }
}

---

Does your JSON wallet file have similar contents in it? Are you able to
make sure that your JSON file is a MyEtherWallet format wallet file?

If yes, you can use ethereum2john.py to extract a "hash" out of this
JSON wallet file. Then you can john for cracking the extracted hash.

$ ../run/john --test --format=ethereum  # i7-6600U
Will run 4 OpenMP threads
Benchmarking: ethereum, Ethereum Wallet [PBKDF2-SHA256/scrypt... AVX2]
Speed for cost 1 (iteration count) of 1024
Raw:	1587 c/s real, 432 c/s virtual


If not, how does your JSON wallet file look like? Posting the structure
of the JSON wallet file without including any of its contents is safe.

> Is it possible to give a hacker just the salted hash out of the JSON
> and let them try to extract it?

Please do *not* share your extracted hash with anyone you don't trust.

-- 
Dhiru

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.