mask attack for non-repeating chars
#1
Hi everyone,

I'm trying to crack one of my old wallet.dat passwords for a Bitcoin-fork network. The password (which was generated by Spideroak Encryptr) uses uppercase, lowercase, and all symbols, and is 12 characters long (which is standard for Encryptr). I have already extracted the password hash from the .dat file. Next, I am going to try a mask / brute force attack on it.

This is obviously going to be a challenge to crack; however, my glimmer of hope is that the characters never repeat. Here are some examples of auto-generated passwords similar to the one I am trying to crack:
  • R;A47w|gto?m
  • 8^KEZ8?.X/iM
  • rxMX8$cQ$4RZ
I have two questions:

  1. Am I correct in thinking that the non-repeating nature of the chars will make these passwords easier to crack with a mask / brute force attack?
  2. How would the mask attack script need to be written to specify this character set, but with non-repeating characters? I've examined some of the sample mask attacks but this one is a bit more complicated.
  3. How might I go about assessing the time this crack will take? I have access to lots of GPU power if needed, but am currently experimenting on a rig running 3x NVDA 1070.
Thank you to anyone who can help.
Reply
#2
1. Easier on a mathematical level? Yes. Easier on a practical level? No.
2. Pure hashcat masks cannot do this. maskprocessor has options for this.
3. (94^12 / $hashrate) will give you a rough, optimistic estimate
Reply
#3
That's helpful, thanks undeath.

Looking at the maskprocessor docs, it looks like I can limit the use of consecutive identical chars using the "-q" and "-r" flags, respectively. So if I want to limit to one consecutive and one identical chars per string, in a 12-char password, the correct command would be:

mp64.bin -r 1 -q 1 ?a?a?a?a?a?a?a?a?a?a?a?a

(I am excluding the output params for simplicity.)

Is that correct? If not, what might I be missing?

Thanks again.
Reply
#4
-q 1 is redundant with -r 1

but according to your first post "rxMX8$cQ$4RZ" is a valid example (it includes two dollar signs), hence I assumed you were referring to consecutive occurrences.
Reply
#5
Ah, my mistake, that's correct. I can just use -q 1 then.

I'll try this and revert if I get stuck, thanks again undeath.
Reply
#6
Before proceeding, I want to check if it's practical to devote any time to cracking this password.

If cracking time = keyspace / hashrate

keyspace = 95^12 = 5.403600877×10²³

hashrate = hashing function / hardware power [Bitcoin's wallet.dat function / GTX 1070]

4508 hashes per sec for Bitcoin wallet.dat, according to hashcat docs
~3000 hashes per second for NVDA GTX 1070, according to my tests

5.403600877×10²³ / ~1.5 = 3.6024×10²³ seconds ... does that sound correct?

If so, that leaves me with a cracking time of 1.1423×10¹⁶ years, with 1x GPU. Even with my GPU farm it sounds like this is a lost cause; do I have any reason to be more optimistic?
Reply
#7
Not sure how you deduce your divisor to be 1.5 after determining your hashrate to be 3000, but your conclusion is correct nonetheless.
Reply
#8
You're right, should have been 0.15 divisor. Leaves me with a corrected cracking time of 1.14×10¹⁷ with 1x 1070 GPU. Oh well, thanks for your help undeath.
Reply
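A worked calculation added here (it is not from the thread, nor from hashcat or maskprocessor) for question 1 in #1 and the estimate in #6: it sizes the plain ?a keyspace next to what maskprocessor's -q 1 (no character immediately repeated) and -r 1 (no character used twice anywhere) actually enumerate, then converts each to a worst-case time at the 3000 H/s per GTX 1070 quoted in #6. The counting formulas assume the documented meaning of -q/-r; the hashrate and GPU counts are the thread's own numbers and are only inputs.

```python
from math import perm

ALPHABET = 95   # printable ASCII, i.e. hashcat's ?a charset (thread uses 94 and 95)
LENGTH = 12     # Encryptr password length from the first post
SECONDS_PER_YEAR = 365.25 * 24 * 3600


def keyspace_full(n=ALPHABET, k=LENGTH):
    """Plain ?a mask: n^k candidates (the 95^12 figure in post #6)."""
    return n ** k


def keyspace_no_consecutive(n=ALPHABET, k=LENGTH):
    """maskprocessor -q 1: a char may not immediately follow itself.
    First position has n choices, every later one has n-1."""
    return n * (n - 1) ** (k - 1)


def keyspace_no_repeat(n=ALPHABET, k=LENGTH):
    """maskprocessor -r 1: every char at most once -> n!/(n-k)! permutations."""
    return perm(n, k)


def years_to_exhaust(keyspace, hashrate_per_gpu, gpus=1):
    """Worst-case wall-clock years to try every candidate; the expected
    time to hit the right one is half of this."""
    return keyspace / (hashrate_per_gpu * gpus) / SECONDS_PER_YEAR


def reduction_factor(restricted, full=None):
    """How much of the plain keyspace the restricted mask still covers."""
    return restricted / (full if full is not None else keyspace_full())


if __name__ == "__main__":
    # 3000 H/s per GTX 1070 is the figure measured in post #6 (bitcoin wallet.dat mode)
    rate = 3000
    for label, ks in (("?a x12 (plain)", keyspace_full()),
                      ("-q 1 (no consecutive)", keyspace_no_consecutive()),
                      ("-r 1 (no repeats)", keyspace_no_repeat())):
        print(f"{label:24s} keyspace={ks:.3e}  x{reduction_factor(ks):.2f}"
              f"  1 GPU: {years_to_exhaust(ks, rate):.2e} y"
              f"  1000 GPUs: {years_to_exhaust(ks, rate, 1000):.2e} y")
```

The non-repeat restriction roughly halves the keyspace and the no-consecutive one trims about a tenth, which is why #2 calls it easier mathematically but not practically: the years column barely moves.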