[prev in list] [next in list] [prev in thread] [next in thread] 

List:       john-users
Subject:    Re: [john-users] Understand bitcoin2john script
From:       atroph0 () gmail ! com
Date:       2018-12-07 20:26:49
Message-ID: CAMb0_rrMAx6-kcMrb1ChYMHgPPA7XTA2u6TfV4-UUPfW_R6QeA () mail ! gmail ! com
[Download RAW message or body]

Hi,
Thanks for your answer.
I noticed that the last part of the hash is the "public_key". But when
I use the function public_key_to_bc_address() with this public_key,
the btc address returned is NOT the address linked to my wallet.
That's why it's not clear how this public_key is linked to my btc pubic add=
ress.
Any hints?

Le ven. 7 d=C3=A9c. 2018 =C3=A0 13:07, Solar Designer <solar@openwall.com> =
a =C3=A9crit :
>
> Hi,
>
> On Sun, Dec 02, 2018 at 08:51:33PM +0100, atroph0@gmail.com wrote:
> > I am doing some experiments with bitcoin2john on my own wallet.
> > I wonder if the hash extracted by this script contains sensitive
> > information, like my public btc address? Directly or indirectly.
>
> I'm sorry no one replied to you sooner.  I was hoping someone more
> directly involved with this code would.
>
> Yes, you should assume that the "hash" contains at least semi-sensitive
> information, such as your public key.  It probably does not contain
> truly sensitive information, such as your private key, but I don't vouch
> for this.
>
> Related:
>
> Need less revealing *2john "hashes" for cryptocoin wallets & encrypted ar=
chives
> https://github.com/magnumripper/JohnTheRipper/issues/3139
>
> *2john tools should warn users when they produce particularly revealing "=
hashes"
> https://github.com/magnumripper/JohnTheRipper/issues/3140
>
> Generate less revealing hashes for Bitcoin wallets
> https://github.com/magnumripper/JohnTheRipper/pull/3290
>
> As you can see, the last one of these is a merged pull request, so that
> work was completed.  I didn't review it closely, even though it was
> implementation of my suggestion.  What I think we do now is take
> advantage of CBC mode's properties and store only two blocks of
> ciphertext, instead of the entire ciphertext.  What I think this
> achieves is a slight speedup of cracking and inability to restore the
> full public key from the "hash".  However, it probably doesn't help
> against matching of a "hash" (through such partially-restored key, once
> the passphrase is cracked) against an already known public key.  So
> probably not much help for privacy.
>
> We'd appreciate it if you (or anyone else reading this) research this
> further and contribute on issues 3139 and 3140.  Note that they're not
> limited to Bitcoin wallets, and the CBC mode trick should be reusable
> for many other input formats to various *2john tools.
>
> Here's someone posting a bitcoin2john "hash" (I think from prior to
> issue 3290 fix?) publicly, offering a 5 BTC bounty for anyone cracking
> their wallet's forgotten passphrase:
>
> https://crackmywallet.org
>
> Alexander
[prev in list] [next in list] [prev in thread] [next in thread]