"Getting Help from Friends" -- Reverse my hash?

[philsmd]

In general (if we do not look at ethereum pre-sale) it's not always the case that only by having found the password corresponding to a certain hash you can access data of the owner of the hash (if no additional data is provided, e.g. like service the hash was extracted, user names/email etc...). therefore some hashes could be less sensitive

But there are some exceptions... and unfortunately ethereum pre-sale and some very few other algorithms (like encrypted and compressed 7-zip data - "hashes" - etc) are among those.

For the pre-sale algorithm we know that by having the raw seed you can generate the private key (see https://github.com/tagawa/website/blob/f...ool.py#L53)... unfortunately the "hash" also needs to include the encseed which is used to verify if the password recovery is correct (ethpriv = sha3 (seed) vs the hash bkp = sha3 (aes_256_cbc_decrypt (pbkdf2 ($pass, $pass, 2000), $iv, $encseed) . "\x02") where the seed itself is just part of that calculation i.e. seed = aes_256_cbc_decrypt (pbkdf2 ($pass, $pass, 2000), $iv, $encseed)).

Therefore, in theory a ethereum pre-sale "hash" includes all the information that could be (mis)used to empty the wallet after the password was discovered/recovered.