How are Litecoin wallets encrypted?
#1
I'm still new to hashcat so if there is a kind soul out there that is willing to shed some light onto my situation I would greatly appreciate it.

So I've got an old Litecoin Core wallet from 2013 (even have the old wallet exe file too!) that is locked. I roughly know what the password is but I wanted to understand the decryption process better so I made a blank wallet and set the password to 12345.

I ran pywallet on it and got this section at the end with the encrypted private key hash and salt:
Encrypted Key: bdb6bcd04421558ddf7944814de5c7c25817d63a3a71dcf9777c784c4fdc7e459169452582f57551753ceb126402834a
Salt:
     4d123683488a3c0f

This is where my understand of encryption drops though. My theory is that this is SHA384 purely due to the length of the hash but if SHA384 is a truncated version of SHA512 then is there a way I can convert this to SHA512 with a salt and then just run that through hashcat?

Also, I have run JTR on this test wallet as well and I can crack that no problem (cause the pass is only 12345) but my speeds are only around 7,000 H/s (running a 7950 and a Vega 64).

But if the Litecoin private key encryption is truely only SHA384 or SHA512 then shouldn't I be able to take advantage of the speeds of SHA512 decryption?

Like I said I'm still new to this so if anyone can help explain this to me it would be really helpful cause I'm sure there are some basic concepts I'm not grasping here.


Thanks in advance!
#2
You do not need to guess. The details of the algorithm to derive a key from the user password and use this to encrypt the data/wallet is documented all over the internet, e.g. see here: https://en.bitcoin.it/wiki/Wallet_encryption

litecoin, as far as I know, is just a rip off of bitcoin (at least when we specifically look at the wallet encryption) and basically does the same thing. That's also why in hashcat there is just -m 11300 = Bitcoin/Litecoin (i.e. one hash type that can recover the passwords of both wallet types, there is even bitcoin2john.py that can extract the "hash" of both wallet types!).
The only major difference of litecoin vs bitcoin is the algorithm used by the miners (sha256 for bitcoin, scrypt for litecoin).... and even there litecoin literally failed (at least from what I've seen) to make any good contribution by failing to setting high enough N, r, p scrypt settings to make it GPU-unfriendly (yeah, scrypt is not always GPU-unfriendly, you need to choose high enough parameters. litecoin as far as I know failed horrible in setting those parameters high enough to make any difference).

Therefore, we need to stop mixing up those 2 different types of algorithm (miner algorithm vs wallet encryption algorithm). It's also important that you can't compare apple to oranges. You also can't just guess the hash type just by the length of a hexadecimal formatted hash (like you just did e.g. something like "it must be sha384 because only that hash has the same size", "this and that hash identifier software told me that it is sha384", ... it doesn't work like this).

The underlying hashing+encryption algorithm for bitcoin/litecoin wallet encryption uses a key derivation function (based on sha512 and a lot of iterations: 200000) and a final AES-256-CBC encryption/decryption step. You can't crack bitcoin/litecoin "hashes" by using a different algorithm or hash mode. You need to use the exact same algorithm (hashcat has the hash type -m 11300 = Bitcoin/Litecoin). There is no shortcut or something like a reduction/conversion to a different hash type. Oranges are oranges and apples are apples. You can't transform them. You won't crack the hash by using sha384 because that is a totally different algorithm.
#3
Thanks for the reply.

I think I understand better now. Guess I'll have to wait until we all have quantum computers before I can crack this password
#4
That's not how quantum computers work. They don't magically make everything faster (or even feasible). Especially not standard hashing algorithms. Rather your litecoins will become worthless because the underlying ECC can be broken.