What is the speed of Hashcat for cracking wallet.dat using GPU?

[blibblob]

I have a password protected Bitcoin wallet.dat file but I've lost the password. It doesn't have much BTC but I'd like it back if possible.

I apologise if these questions are simplistic and naive. I hope that someone knowledgable can answer them.

This post (https://hashcat.net/forum/thread-8878-po...l#pid47135) says that "Bitcoin wallets are a very slow hash..." In the table, the hash is shows as 4005 H/second on a GPU 1070.

So, to clarify, are we saying that - more or less - a 1070 or equivalent can check the hashes of 4,000 unique passwords per second?

So presumably, if my math is correct, that's:

240,000 hashes per minute.
14,400,000 hashes per hour.
345,600,000 per day.

Is it possible to extrapolate in such a way? Or would there be factor(s) which means this procedure is inaccurate?

My password would have been something like a word (with first letter a capital), two or three numbers, then one or two punctuation symbols. An example (I am making this up) would be: Frog66!!

Presumably a decent wordlist would have this type of password.

But I am curious to know if my assumption that 0.345 billion hashes per day is a valid calculation assuming one 1070 GPU? Or am I missing something?

By comparison, a video on YT with a 1060 deployed 1150 H/s.

The other thing I don't know is whether the password format of the wallet.dat is dependent on the software used. For example, if someone password protects their wallet.dat using Electrum, could that be a different method compared to, say, password protecting their wallet.dat with MultiBit or Wasabi? Or is it all the same to Hashcat (as type 11300)?

Thank you.

[undeath]

Is it possible to extrapolate in such a way?

yes, that's correct

My password would have been something like a word (with first letter a capital), two or three numbers, then one or two punctuation symbols. An example (I am making this up) would be: Frog66!!

A decent wordlist that contains "frog"? Yes, you will probably have that. But adding numbers and symbols will add significant complexity, unless, like in your example, the numbers and symbols are simply the same character repeatedly.

The other thing I don't know is whether the password format of the wallet.dat is dependent on the software used. For example, if someone password protects their wallet.dat using Electrum, could that be a different method compared to, say, password protecting their wallet.dat with MultiBit or Wasabi? Or is it all the same to Hashcat (as type 11300)?

wallet.dat is the file format used by bitcoind. If you use other software it will use other wallet formats. They are not compatible.

[Mem5]

If I am not mistaken the speed also depends on the iterations count (hashcat benchmark takes 199999)

Here is another benchmark for 10 * GTX 2080 Ti (source)

Hashmode: 11300 - Bitcoin/Litecoin wallet.dat (Iterations: 199999)

Speed.#1.........:    11665 H/s (244.18ms) @ Accel:32 Loops:1024 Thr:256 Vec:1
Speed.#2.........:    11578 H/s (246.03ms) @ Accel:32 Loops:1024 Thr:256 Vec:1
Speed.#3.........:    11586 H/s (245.86ms) @ Accel:32 Loops:1024 Thr:256 Vec:1
Speed.#4.........:    11313 H/s (251.80ms) @ Accel:32 Loops:1024 Thr:256 Vec:1
Speed.#5.........:    11480 H/s (248.13ms) @ Accel:32 Loops:1024 Thr:256 Vec:1
Speed.#6.........:    11351 H/s (250.95ms) @ Accel:32 Loops:1024 Thr:256 Vec:1
Speed.#7.........:    11489 H/s (247.94ms) @ Accel:32 Loops:1024 Thr:256 Vec:1
Speed.#8.........:    11515 H/s (247.39ms) @ Accel:32 Loops:1024 Thr:256 Vec:1
Speed.#9.........:    11371 H/s (250.51ms) @ Accel:32 Loops:1024 Thr:256 Vec:1
Speed.#10.......:    11560 H/s (246.40ms) @ Accel:32 Loops:1024 Thr:256 Vec:1
Speed.#*.........:  114.9 kH/s

114.9 kH/s =>  around 9,927,360,000 hashes per day

[blibblob]

Thank you "undeath" and "Mem5" for your helpful comments.

Let's take the 1070 speed of 345,600,000 hashes per day. So that's (unless I'm totally misunderstanding this) 345,600,000 times each day, that Hashcat checks the hash of the wallet.dat file and compares it to the hash of each line of the wordlist. Correct?

If I'm correct, then a wordlist of 1,000,000,000 lines, would take around 3 days to check. Presumably, then, the security of a wallet.dat that got lost / hacked / illicitly copied, would derive from the password not being in the wordlist considering one can check one billion words in 3 days. Is that the right assumption (sorry again for the naive questions)?

At the same time, if we imagine random passwords of eight digits upper case, lower case, and numbers, we have 62 characters (a-zA-Z0-9). An example might be: u8LG0vw2. So, for eight characters, am I correct that we have 62^8 (62 options for each of 8 characters) = 218,340,105,584,896 potential words?

If we 218,340,105,584,896 / 345,600,000 then, to attack every word in the list, we would need 631,771 days. If we took the 10*2080 (no doubt very expensive to rent), we do 218,340,105,584,896 / 9,927,360,000 and we would need 21,993 days to attack every word in the list. Even assuming we only needed 50% of the words to crack the hash, that's still 10,997 days. And that's why it's virtually impossible to crack random strings. And, of course, that's only eight characters and I didn't include symbols.

Does this make sense? Thanks again!

[NoReply]

Your thoughts are absolutely right.

The only thing you are missing here is the iteration count, which is basically a factor which determines how long it takes to hash a single candidate (you can see the iteration count e.g. in the benchmark Mem5 posted). The iteration count tells us how often a password is hashed, before it is actually saved / used and this count may vary for every wallet.dat you encouter. So it is possible that it's lower than 199999, so you get better speeds than the one in the benchmark, or it is higher so you get worse speeds.

[fiji]

My password would have been something like a word (with first letter a capital), two or three numbers, then one or two punctuation symbols. An example (I am making this up) would be: Frog66!!

I believe you will find a rule for this setup or you could easily create your own mask. 
Additionally remember that if you use hashcat against one hash, you have some benefits - checking for several hashes is slower (they could have different number of iterations etc.)

BTW: if you have are sure that this is your format, you may think about using btcrecover (https://github.com/gurnec/btcrecover) where you may easily write your password as a list of tokens:
https://github.com/gurnec/btcrecover/blo...token-file

Aha, and for electrum, you have differentt hashcat mode, depending on electrum hash type:
   11300 | Bitcoin/Litecoin wallet.dat                   
  16600 | Electrum Wallet (Salt-Type 1-3)             
  21700 | Electrum Wallet (Salt-Type 4)                   
  21800 | Electrum Wallet (Salt-Type 5)             
  12700 | Blockchain, My Wallet                           
  15200 | Blockchain, My Wallet, V2                   
  18800 | Blockchain, My Wallet, Second Password (SHA256) 
  16300 | Ethereum Pre-Sale Wallet, PBKDF2-HMAC-SHA256   
  15600 | Ethereum Wallet, PBKDF2-HMAC-SHA256        
  15700 | Ethereum Wallet, SCRYPT

[blibblob]

Would it ever be viable to use Hashcat and the hash of a wallet.dat and cover every option within a word space. For example, what kind of processing power would it take to target every one of the 218,340,105,584,896 options for 62^8 (a-zA-Z0-9)?

I mean - it's possible to rent supercomputers...

[womble]

At 9,927,360,000 hashes per day, that's 62^8 / 9,927,360,000 => 21993.77 days. Something of an enforced HODL.

[blibblob]

At 9,927,360,000 hashes per day, that's 62^8 / 9,927,360,000 => 21993.77 days.  Something of an enforced HODL.

Indeed. That's why I mentioned supercomputers.

For example, if a supercomputer could manage 100,000,000,000 hashes per day. Does Hashcat have any limitations? Could it - theoretically - hash 1 trillion hashes per day?

[undeath]

One trillion per day? Laughable Assuming your opencl drivers support that much devices hashcat will gladly use them. It scales linearly.

For example see this 8x GTX 1080Ti benchmark, hitting 550GH/s (550,000,000,000 hashes per second) for MD4: https://gist.github.com/epixoip/ace60d09...5005051505