Date: Fri, 7 Dec 2018 13:07:33 +0100 From: Solar Designer <solar@...nwall.com> To: john-users@...ts.openwall.com Subject: Re: Understand bitcoin2john script Hi, On Sun, Dec 02, 2018 at 08:51:33PM +0100, atroph0@...il.com wrote: > I am doing some experiments with bitcoin2john on my own wallet. > I wonder if the hash extracted by this script contains sensitive > information, like my public btc address? Directly or indirectly. I'm sorry no one replied to you sooner. I was hoping someone more directly involved with this code would. Yes, you should assume that the "hash" contains at least semi-sensitive information, such as your public key. It probably does not contain truly sensitive information, such as your private key, but I don't vouch for this. Related: Need less revealing *2john "hashes" for cryptocoin wallets & encrypted archives https://github.com/magnumripper/JohnTheRipper/issues/3139 *2john tools should warn users when they produce particularly revealing "hashes" https://github.com/magnumripper/JohnTheRipper/issues/3140 Generate less revealing hashes for Bitcoin wallets https://github.com/magnumripper/JohnTheRipper/pull/3290 As you can see, the last one of these is a merged pull request, so that work was completed. I didn't review it closely, even though it was implementation of my suggestion. What I think we do now is take advantage of CBC mode's properties and store only two blocks of ciphertext, instead of the entire ciphertext. What I think this achieves is a slight speedup of cracking and inability to restore the full public key from the "hash". However, it probably doesn't help against matching of a "hash" (through such partially-restored key, once the passphrase is cracked) against an already known public key. So probably not much help for privacy. We'd appreciate it if you (or anyone else reading this) research this further and contribute on issues 3139 and 3140. Note that they're not limited to Bitcoin wallets, and the CBC mode trick should be reusable for many other input formats to various *2john tools. Here's someone posting a bitcoin2john "hash" (I think from prior to issue 3290 fix?) publicly, offering a 5 BTC bounty for anyone cracking their wallet's forgotten passphrase: https://crackmywallet.org Alexander
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.