"Getting Help from Friends" -- Reverse my hash?
#1
Hey all, I've got a few friends who want to volunteer their GPUs for cracking.

If I just send them my output hash for an Ethereum wallet, for example -- can they reverse my wallet file?

They'll end up with the password, but not necessarily the wallet file to open the account. Of course they'll need the output hash for the wallet, but can they now have both and bypass me?
#2
In general (if we do not look at Ethereum pre-sale), it's not always the case that just by having found the password corresponding to a certain hash you can access the data of the owner of the hash (if no additional data is provided, e.g. the service the hash was extracted from, user names/email, etc.). Therefore some hashes could be less sensitive.

But there are some exceptions... and unfortunately Ethereum pre-sale and some very few other algorithms (like encrypted and compressed 7-zip data - "hashes" - etc.) are among those.

For the pre-sale algorithm we know that by having the raw seed you can generate the private key (see https://github.com/tagawa/website/blob/f...ool.py#L53)... unfortunately the "hash" also needs to include the encseed which is used to verify if the password recovery is correct (ethpriv = sha3 (seed) vs the hash bkp = sha3 (aes_256_cbc_decrypt (pbkdf2 ($pass, $pass, 2000), $iv, $encseed) . "\x02") where the seed itself is just part of that calculation i.e. seed = aes_256_cbc_decrypt (pbkdf2 ($pass, $pass, 2000), $iv, $encseed)).

Therefore, in theory an Ethereum pre-sale "hash" includes all the information that could be (mis)used to empty the wallet after the password was discovered/recovered.
#3
My god you're a smart man. Thanks for the knowledge. 

I trudge on...
#4
This discussion would also be interesting here: https://hashcat.net/forum/thread-6405-po...l#pid39256

Basically, if you can reveal at least the last 2 blocks (2*16 bytes = 32 bytes) of the encseed and you know the encseed length and ideally also the raw seed length (which might be always the same!), you could perform an attack on the padding bytes (PKCS#7) without even the need to reveal the seed, bkp, Ethereum address, etc. (of course also without leaking the public and private keys).
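
Added example, not part of the original posts and not hashcat's own code: the padding check described in post #4, written in Go and run against a constructed wallet, showing that a helper can test password candidates while holding only the last two encseed blocks and the expected pad length. HMAC-SHA256 as the PBKDF2 hash, the 32-byte key (taken from the aes_256_cbc notation in post #2), and all function names and sample values are assumptions.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/sha256"
	"fmt"
)

// deriveKey is pbkdf2($pass, $pass, 2000); HMAC-SHA256 and the 32-byte key are assumptions.
func deriveKey(pass string) []byte {
	mac := hmac.New(sha256.New, []byte(pass))
	key, u := make([]byte, 32), append([]byte(pass), 0, 0, 0, 1) // first input: salt || INT(1)
	for i := 0; i < 2000; i++ {
		mac.Reset()
		mac.Write(u)
		u = mac.Sum(nil)
		for j := range key {
			key[j] ^= u[j]
		}
	}
	return key
}

// encryptSeed builds a constructed encseed: PKCS#7-pad the seed, then AES-CBC encrypt.
func encryptSeed(pass string, iv, seed []byte) []byte {
	pad := aes.BlockSize - len(seed)%aes.BlockSize
	buf := append(append([]byte(nil), seed...), bytes.Repeat([]byte{byte(pad)}, pad)...)
	blk, _ := aes.NewCipher(deriveKey(pass))
	cipher.NewCBCEncrypter(blk, iv).CryptBlocks(buf, buf)
	return buf
}

// checkCandidate decrypts only the final block, using the previous ciphertext block as
// the CBC IV, and checks the expected PKCS#7 padding (padLen must be 1..16).
func checkCandidate(pass string, tail []byte, padLen int) bool {
	blk, _ := aes.NewCipher(deriveKey(pass))
	last := make([]byte, aes.BlockSize)
	cipher.NewCBCDecrypter(blk, tail[:16]).CryptBlocks(last, tail[16:32])
	return bytes.HasSuffix(last, bytes.Repeat([]byte{byte(padLen)}, padLen))
}

func main() {
	seed := []byte("constructed 32-byte sample seed!") // constructed, not a real seed
	enc := encryptSeed("correct horse", bytes.Repeat([]byte{0x11}, 16), seed)
	tail, padLen := enc[len(enc)-32:], len(enc)-len(seed) // everything a helper receives
	fmt.Println(checkCandidate("correct horse", tail, padLen), checkCandidate("wrong", tail, padLen))
}
```

Only padLen bytes are compared, so a wrong password passes by chance with probability about 2^(-8*padLen); a short pad means the owner has to re-verify any reported hit against the full wallet.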
#5
Wow, good to know!