Mat008
commented
6 years ago A wrong password which I had (stupidly) forgot and not wrote on a paper.
Open clubshaft opened 9 years ago
Mat008
commented
6 years ago A wrong password which I had (stupidly) forgot and not wrote on a paper.
omnivorist
commented
6 years ago I too have a password issue with Multibit Classic. In my case, it appears to be simply a case of having forgotten the password I set up. Like others I have been using the gurnec tool (seeded with some likely guesses) but with no success so far.
In order to check that the gurnec tool (btcrecover) works I set up a new wallet to try it out on. I changed the password several times on this wallet and each time it dumped a new .key file. These .key files are what you are recommended to use with btcrecover in retrieving the password and indeed it worked perfectly. Running btcrecover on a succession of key files I was able to retrieve the passwords used on each occasion.
When it comes to my REAL wallet - the one containing funds there are three .key files, corresponding, I believe to the point I first created the wallet, when I transferred funds and some other later event (maybe I changed the password). As well as the 'live' wallet I have created wallets corresponding to the earlier .key files. One shows as empty, the other contains the same funds as my current balance.
Apologies for the long preamble but my question is this:
Is it worth applying btcrecover to the other .key files (in case the live one is damaged) ? If so, would I be able to retrieve the funds with the password recovered in that way ?
All insights and observations welcome. I return I will happily share my ongoing experiences in trying to retrieve my lost password
fl0ppcom
commented
6 years ago What is teh procedure "gunrec" you are referring to ?
Where to read about it ?
Thanks.
On Sun, Dec 17, 2017 at 5:21 AM, Mat008 notifications@github.com wrote:
@caroksh https://github.com/caroksh
Like many others, because this specific error message, I thought I was entering the good password, but I was wrong.
Using gurnec tool helped me fing the actual password - so Provided AES key is wrong" error message comes from who knows where...?
I strongly suggest you that you take the time to read and try gunrec procedure. it worked for me.
— You are receiving this because you commented. Reply to this email directly, view it on GitHub https://github.com/Multibit-Legacy/multibit/issues/620#issuecomment-352226686, or mute the thread https://github.com/notifications/unsubscribe-auth/Ab7ID4dqcs6a3KMQSd_IAw-YYVeq8Baoks5tBHqegaJpZM4CtmXs .
omnivorist
commented
6 years ago Sorry ... typo on my part. It is gurnec/btcrecover. You can read about it here:
https://github.com/gurnec/btcrecover/blob/master/TUTORIAL.md#running-btcrecover
Interestingly, I'm beginning to think it's that kind of typo (which I am very prone to) that explains why I can't recover my password.
btcrecover appears to be designed to find exactly this kind of problem - but no success so far.
caroksh
commented
6 years ago @Mat008 Thank you for your answer.
I'm also trying with btrecover. Still waiting for the result, it's been running now for more than 2 days and still one more left to finish. I hope it finds my correct password. If not I'll try again with other tokens.
vamosrafa
commented
6 years ago @Mat008 So was it looks like the AES key is wrong in your case was not caused by a correct password and corrupted keys? How close was your actual password you were entering to the correct one?
Also did you get the 94 character output when trying to decrypt it previously?
Mat008
commented
6 years ago @caroksh The way it worked for me is by trying small token combinations at the time instead of a whole bunch, so the process was faster each time. This way I could get almost instant validation (or not) instead of waiting for too long.
In the token file, I was adding # at each token line head after it was tried and simply adding another line under containing new token(s). This way it was easy to see the combinations I've tried already.
I don't say it is better, but only another way of working.
@vamosrafa I got nothing such as 94 character output (using btcrecover you mean?) Only "password search exhausted."
The actual password was totally different from the one giving the AES error...
caroksh
commented
6 years ago @vamosrafa I have a 44 character output when I use the extract-multibit-privkeys.py file_name.key (from the extract-scripts directory in btcrecover. I copy/pasted it in gedit (sort of notepad but for linux) where you can count the characters, lines, etc... and bytes. But the file_name.key without doing anything to it is 128 characters.
@Mat008 I have also been trying to do it with smaller parts but it's endless so at the end I decided the long way.
Perhaps you can help me with my token: My password has 3 words (all together, just one after the other). I know the first and the last one, but now I am not so sure about the middle one. So I made my token with the following 3 lines in it, except what is in ( ).
[ ] + ^firstword ^Firstword ^FIRSTWORD ^fIRSTWORD (Must start with one of the following versions of "firstword")
[ ] + lastword$ Lastword$ LASTWORD$ lASTWORD$ (Must end with one of the following versions of "lastword")
[ ] ^,^%7a (In the middle there should be a 7 character word in smallcaps which I don't know)
This gives me 128508962832 passwords!!!
Do you know of some better or quicker way to do it?
Mat008
commented
6 years ago Hum... I don't know. Good luck !
markburns
commented
6 years ago Is it possible that the wallets were encrypted/decrypted differently across multibit versions?
I am currently unable to build or find the older versions of multibit to verify. e.g. https://multibit.org/releases/multibit-classic/multibit-0.5.14 https://multibit.org/releases/multibit-classic/multibit-0.5.13 https://multibit.org/releases/multibit-classic/multibit-0.5.12 https://multibit.org/releases/multibit-classic/multibit-0.5.11
don't contain built versions.
Whereas https://multibit.org/releases/multibit-classic/multibit-0.5.15 https://multibit.org/releases/multibit-classic/multibit-0.5.16 https://multibit.org/releases/multibit-classic/multibit-0.5.17 https://multibit.org/releases/multibit-classic/multibit-0.5.18 do.
But this commit looks like a feasible culprit:
Which would imply that a (across versions) breaking change may have been introduced with https://multibit.org/releases/multibit-classic/multibit-0.5.18
Unfortunately as I can't build it, I am just resorting to guessing by reading the diff. And I also currently can't even run the downloaded binaries on High Sierra to verify.
Perhaps someone who is not on Mac Os High Sierra can check to see if downloading older versions and unlocking the wallet with those works?
Or perhaps someone with more Java chops than I could build the older versions?
If this seems like a viable avenue to explore, then we might be able to update https://github.com/gurnec/btcrecover to be even more useful
I.e. if it is just a padding difference, and using the same algorithm to decrypt the file as was used to encrypt it is all we need to do, then we can probably update the recovery tool.
Autoband86
commented
6 years ago @markburns were you able to find version and use 5.15? I have made my wallet in 5.15 and used it since, but had not opened it for quite a while. I am afraid somehow there has been a change in the OS (I have updated a couple of times since I had the wallet), which resulted in the corruption of the files.
markburns
commented
6 years ago @Autoband86 I haven’t investigated any further but I may try in the future on a VM
vamosrafa
commented
3 years ago @markburns did you ever give this a shot? Not sure if you were facing the same issue? At this point it is probably worth it for me to go get a doctorate in cryptography (not that I could) to figure this out haha.
But seriously I can offer a nice bounty (2.5 BTC) if anyone can help me decrypt the key file. I am going to try hashcat in the meantime unless it is a forgotten password.
However some person surfaced on bitcointalk claiming it was an encryption error. If it is hopeless I guess it'd be nice to give up and move on with my life.
gary-rowe
commented
3 years ago Hi @vamosrafa. While I'm no longer involved with the MultiBit project, I would like to help you reach a conclusion for this situation. Drop me an email (see my profile) and I'll see what I can do.
Autoband86
commented
3 years ago @gary-rowe @vamosrafa I still have the same issue as well and would also be very interested in what you find out. Thank you for a reply.
vamosrafa
commented
3 years ago @Autoband86 have you tried decrypting with any password utilities? I had previously given it to the popular BTC recovery services guy with the password that is giving me the "provided AES key is wrong" with no luck.
I also have casually tried BTCrecover, and, more recently a couple hashcat attempts at brute forcing with no luck. Which leads me to believe it might be related to the encryption process itself between the different versions of multbit I used with the keys.
markburns
commented
3 years ago I had another look at this over Xmas and whilst I didn't get it building I did look at that specific commit and it doesn't really look at all like a change to the encryption.
@gary-rowe is probably in a better position to comment but whilst the name of the commit refers to a padding fix, it appears to look like a refactor. Just changing the return value to a copy of the bytes. I initially thought it was returning different bytes but I no longer believe that to be the case. So I think that rules out that one case.
I still think there's a possibility for a similar bug in between versions like that though.
There's a lot of file reading and writing goes on, with silent rescuing of exceptions in the codebase. So I still think a complex combination of interactions could have possibly resulted in somehow the files being encrypted differently.
I've also been looking at OpenSSL itself and there are definite difference in default behaviour between versions for that too.
So the command openssl enc -d can take different options to mimic previous versions and result in different encrypted outputs with the default ones. A bit of an aside but it certainly complicated the debug process for me. As there are notes somewhere in a README that refer to this command.
dannydeezy
commented
3 years ago @vamosrafa I'm interested in trying to help if you're still looking
omnivorist
commented
3 years ago APPEAL TO OUR COLLECTIVE EXPERIENCE:
In common with a number of other contributors to this thread I have some bitcoin held in a MultiBit Classic wallet and am unable to export the private key. It is quite possible that I have forgotten my password.
I have used btcrecover (on an earlier occasion) with a huge number of candidate passwords and variations but didn't find my password. Now of course, with the present high value of bitcoin I am tempted to have another try.
I have read through this thread carefully and, as far as I can make out, there were just two success stories:
Beyond those two cases, there is very little evidence of success (or failure).
It would be really helpful if anyone has any knowledge of what has happened to people with password problems on Multibit Classic. Are there other instances of btcrecover working? Are there other cases of corrupted key files? Are there any other approaches worth taking?
Maybe if we pool our knowledge, co-operate and help one another we can all gain.
Incidentally, I console myself with the thought that if I hadn't forgotten my password I would have cashed in years ago and would have lost the chance of the massive gains that are now possible.
gary-rowe
commented
3 years ago I've been working on this problem for the past few weeks and here are some definitive results as a result of a very detailed analysis across multiple versions of the code bases of MultiBit and Bitcoinj (the underlying library):
If one runs a password cracker over a MultiBit wallet there are multiple instances where the message "Provided AES key is wrong" is seen. When one provides the correct password the correct public key is derived from the decrypted private key.
In addition, I myself have sworn blind that I used one password to encrypt a wallet only to find that I actually used another one entirely unrelated. Our human memories are truly terrible.
So given the above, what can be done?
hashcat and use it to generate a vast number of candidate passwords and then work through them. You're now in the realm of professional crypto wallet cracking services.Note that MultiBit does not use simple password hashing so a rainbow attack is useless. Instead a cracking tool would need to use the same code as present in MultiBit/Bitcoinj and work through the different candidates. This is a deliberately slow process (30-100 guesses per second offline) so any good guesses at existing passwords greatly reduce the search space.
omnivorist
commented
3 years ago Thanks for this @gary-rowe. I am well aware that I might have forgotten my password - so I am not suggesting there are faults in MultiBit.
I am most interested in your last paragraph. I have tried using btcrecover on the MultiBit key file configured to generate a huge number of candidate passwords - so far without success. What do you mean about this being a deliberately slow process. I appreciate that is not trivial but I would expect it to get faster using a faster processor, for example. btcrecover apparently has the capability to run on fast graphics processors - reportedly with a 100x speedup. You're surely not saying that there is a hard limit to how fast it can run.
Or maybe I misunderstood your post.
gary-rowe
commented
3 years ago @omnivorist MultiBit Classic uses Scrypt as a key derivation function with parameters N=16384, R=8, P=1. This has the effect of forcing a time constraint on processors in order to generate the resulting hash which is then used as the actual key for the AES (CBC padded) encryption of the private keys. These parameters were considered good for 2013 and a bit weak for 2017 and much less suitable for 2020 onwards. However, I should point out that this only applies to the keys within a .wallet file (a Protobuf serialization format).
If a key export has taken place (found in an encrypted .key file) then a different encryption process is used. This was in case MultiBit as a project was no longer available and a user needed a less complex format to work with. Thus a simple text file with AES encryption supported by OpenSSL was chosen.
The command line to access this file (usually in the key-backup folder) is
openssl enc -d -p -aes-256-cbc -a -in encryptedwallet.key -out decryptedwallet.txt -pass pass:yourpasswordand is much faster to decrypt.
.key filesEdit: There is a more refined script later:
Here is a simple Unix script for taking a list of guesses and applying them to the exported key file. Note that if you export your guesses from a key manager tool the output may be a CSV with multiple columns. You should adjust the ${print $123} to {print $1} if the guesses are in the first column and so on as needed.
#!/bin/bash
echo Usage: apply-guesses.sh [guesses CSV] [key file]
echo Password file: $1
echo Key file: $2
for password in $( awk -F , -v OFS=' ' '{print $123}' $1 ); do
echo ------
echo Attempting: $password...
openssl enc -d -p -aes-256-cbc -a -in $2 -out recovered.key -pass pass:$password
if [ $? -eq 0 ];
then
echo "Success!";
break;
else
echo "Failed";
fi
echo ------
doneSimply running it as is won't work you'll need a word list. The best way to get one is to first create a list of possible guesses in a text file called basis.txt and then run hashcat over them using a good rule like best64.rule or dive.rule from its repo to generate hashcat.txt.
You do this as follows (using Homebrew for installation, your OS may vary):
brew install hashcat
hashcat --force --stdout basis.txt -r rules/dive.rule > hashcat.txt
chmod +x apply-guesses.sh
./apply-guesses hashcat.txt encryptedwallet.keyIf it all works (or you get a possible decrypt) you'll see a Success! message and a recovered.key file. If that file looks like a private key (starts with L or K) with a time stamp then you have successfully obtained your private keys.
Here is an example of the output using the attached Empty-abc23.key file Empty-abc123 key - due to GitHub naming restrictions you may need to rename the attachment by dropping the .log suffix.
Create an example basis.txt containing:
abc
abc1
abc123
abc2then do the following:
./apply-guesses.sh basis.txt example/Empty-abc123.key
Usage: apply-guesses.sh [password CSV] [key file]
Password file: basis.txt
Key file: example/Empty-abc123.key
------
Attempting: abc...
salt=C15B3E24F8F8272F
key=A0C4BD16126D07D9642CCCEADD157A6E959DC3C4382F76D64E8FA86B3DD03C2C
iv =CDFB26AD32EEC6609DFA6DA14641CB45
bad decrypt
4521324204:error:06FFF064:digital envelope routines:CRYPTO_internal:bad decrypt:/AppleInternal/BuildRoot/Library/Caches/com.apple.xbs/Sources/libressl/libressl-56.60.2/libressl-2.8/crypto/evp/evp_enc.c:521:
Failed
------
------
Attempting: abc1...
salt=C15B3E24F8F8272F
key=73FD5F86503034405E832BEF999D22E5E1E5AAD71CBABE33BB06C3FBD3AB5FE5
iv =7C78469FDD70EC3AD949486ED3D63AF7
bad decrypt
4506599084:error:06FFF064:digital envelope routines:CRYPTO_internal:bad decrypt:/AppleInternal/BuildRoot/Library/Caches/com.apple.xbs/Sources/libressl/libressl-56.60.2/libressl-2.8/crypto/evp/evp_enc.c:521:
Failed
------
------
Attempting: abc123...
salt=C15B3E24F8F8272F
key=B4B8FC2EBC74A9CF9AFE50DB0C7053E078F1250747DAE984EF33140EC74FA6A1
iv =F6EFF77EE322C7AF068E7D9E742DBB7D
Success!
Examining recovered.key yields L5H4yC6zSPLojPmyCi9hk2T9hNLJqojicmGC7nwS7kck82ARfLuN 2015-04-27T12:58:37Z or similar. The time stamp represents when MultiBit Classic thinks the key was created.
markburns
commented
3 years ago @gary-rowe fantastically helpful input there. I think I've been down these avenues thoroughly but I'll put aside some time to double check this weekend.
Would you mind also listing the exact version of OpenSSL you are using?
I know that the default parameters changed in between versions. E.g. an older version used the default --md (I think) parameter set to md5 whereas IIRC later ones use SHA256.
omnivorist
commented
3 years ago @gar-rowe: First, like @markburns, I'd like to thank you for the really helpful and full response you have made to this discussion. I should explain that I spent much of my career developing software in C++ so I have an understanding of computers and software. All the same, I have very little knowledge of encryption, python and these kinds of configuration environments so I am grateful for all the help you can give.
I have read your post very carefully and have a few questions and observations of my own.
I don't understand your first paragraph about Scrypt and the Protobuf serialisation format. Maybe this doesn't apply to my situation. I have a number of .wallet files but I have some .key files also and, so far, I have been concentrating on using these in an attempt to rediscover my (lost) password. The idea then would be to use the password to export the private keys and to import these into a new, supported wallet app. By the way, the version of Multibit I am using is 0.5.17. I loaded the wallet in 2014.
I am using btcrecover (mentioned by other contributors to this post) to try to discover my password.
In order to give myself some confidence, I have created a new (empty) Multibit wallet, and protected it with a password. I then take the .key file associated with this wallet and run btcrecover on it - and btcrecover succeeds in finding the correct password. This suggests that the general approach is sound but I am interested to know if you think my confidence is justified, given the time that has elapsed since I created my first key files.
After reading your post I felt I should try using openssl as you suggest and installed a version on my PC. Running it on my same test key file with my knwon password gives the following output:
openssl enc -d -p -aes-256-cbc -a -in test.key -out decryptedtest.txt -pass pass:
None of this makes much sense to me. If you feel there is something to be gained by using openssl, I am willing to put the effort in to getting it working but I could use some help.
One more (maybe irrelevant) observation: I have 3 .key files for the wallet that I am attempting to access: They are all dated within minutes of each other (Nov 2014) when I first loaded the wallet. I can't recall the sequence of things that I did at the time but the following is likely:
The earliest dated key file is only about half the size of the others. Is this what you would expect to see if it corresponded to an empty wallet?
ONCE AGAIN: I really appreciate your help with this
All the best, David Wilson
gary-rowe
commented
3 years ago @markburns When generating the example file I used the latest version of MultiBit Classic.
The encryption library is com.madgag:sc-light-jdk15on:1.47.0.2 (Spongy Castle) which produces OpenSSL compatible encryption based on a single sound of MD5. More technically, it is PKCS 5 V2.0 Scheme 1 using MD5 with an iteration count of 1. From my review of the git history of the pom.xml this library was in use from 11 June 2012 right up until the final version.
The version of OpenSSL I'm currently using on my test machine is LibreSSL 2.8.3.
I should add that occasionally the script above will report a successful decrypt even when it didn't (Provided AES key is wrong rears again). This version may work better (same rules for print $123 as earlier) also contains the -md md5 flag for newer OpenSSL:
#!/bin/bash
echo Usage: apply-guesses.sh [password CSV] [key file]
echo Password file: $1
echo Key file: $2
for password in $( awk -F , -v OFS=' ' '{print $123}' $1 ); do
echo ------
echo Attempting: $password...
openssl enc -d -p -md md5 -aes-256-cbc -a -in $2 -out recovered.key -pass pass:$password
if [ $? -eq 0 ];
then
grep 'T\d\d:\d\d:\d\dZ$' recovered.key
if [ $? -eq 0 ];
then
echo "Success!";
break;
else
echo "Garbage"
fi
else
echo "Failed";
fi
echo ------
done@omnivorist I'll try to answer your questions as best I can
I don't understand your first paragraph about Scrypt and the Protobuf serialisation format. Maybe this doesn't apply to my situation. I have a number of .wallet files but I have some .key files also and, so far, I have been concentrating on using these in an attempt to rediscover my (lost) password. The idea then would be to use the password to export the private keys and to import these into a new, supported wallet app. By the way, the version of Multibit I am using is 0.5.17. I loaded the wallet in 2014.
There are two different mechanisms at play for storing encrypted private keys: the .wallet file (a Protobuf serialisation format) and the .key file (a text based format). The primary storage for MultiBit is the .wallet file and was written to be much more attack resistant than the text file as it would permanently reside on a user's machine. The purpose of the text file was for long term storage of keys away from the user's machines, perhaps on a backup hard drive. This would enable recovery of the private keys using standard tools such as OpenSSL.
It is much faster to test a password against a .key file than a .wallet file. However, sometimes people don't export their private keys so the .wallet is the only choice. Also the .wallet contains verification of the decryption by means of the associated public key, the .key file is much more primitive.
I am using btcrecover (mentioned by other contributors to this post) to try to discover my password.
In order to give myself some confidence, I have created a new (empty) Multibit wallet, and protected it with a password. I then take the .key file associated with this wallet and run btcrecover on it - and btcrecover succeeds in finding the correct password. This suggests that the general approach is sound but I am interested to know if you think my confidence is justified, given the time that has elapsed since I created my first key files.
Yes, that sounds fine. The btcrecover tool is very versatile and a good choice for this kind of thing.
After reading your post I felt I should try using openssl as you suggest and installed a version on my PC. Running it on my same test key file with my knwon password gives the following output:
openssl enc -d -p -aes-256-cbc -a -in test.key -out decryptedtest.txt -pass pass:<my_password>
*** WARNING : deprecated key derivation used.
Using -iter or -pbkdf2 would be better.
salt=D8DEA4286CA2EFD9
key=23DFCC224C109A3F3259FBF1555FD218BF4BA4459A51A5EBA34FD15DFD0F6FA6
iv =C12E27A7E2C3B91FEFE7EFB6A356288F
bad decrypt
12360:error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt:crypto\evp\evp_enc.c:610:None of this makes much sense to me. If you feel there is something to be gained by using openssl, I am willing to put the effort in to getting it working but I could use some help.
The default hash used to derive keys from a password changed between OpenSSL 1.0.2 and OpenSSL 1.1.0. Try this:
openssl enc -d -p -md md5 -aes-256-cbc -a -in test.key -out decryptedtest.txt -pass pass:<my_password>One more (maybe irrelevant) observation: I have 3 .key files for the wallet that I am attempting to access: They are all dated within minutes of each other (Nov 2014) when I first loaded the wallet. I can't recall the sequence of things that I did at the time but the following is likely:
I created an empty (password protected) wallet
I moved some bitcoin into it
I (may) have changed the password.The earliest dated key file is only about half the size of the others. Is this what you would expect to see if it corresponded to an empty wallet?
MultiBit Classic does support using different passwords for the .wallet and .key files. However, when a password is added to a wallet file then an automatic backup of the private keys takes place using the same password. This functionality has been in place since 22 Oct 2012.
omnivorist
commented
3 years ago Thanks again @gary-rowe. Lots to think about here but it is reassuring to think that my btcrecover strategy appears sound. Next step is to get more clever about generating candidate keys and then maybe to run the recovery processes on some sort of 'farm'. I have a bunch of GPUs available (for rendering) but btcrecover doesn't seem capable of exploiting them.
I will carry on but I may not reply for a while. You have given me plenty to think about. I'll update you when I have news.
AMDG85
commented
3 years ago I have the same problem: The password is +95% correct. ----error "Provided AES key is wrong" (( http://сергей.бел/img/error.jpg UPDATE:
Happened! Could pick up through the btcrecover program. As a result, the password is slightly different! http://сергей.бел/img/successfully.jpg
If anyone needs help, write. My site: http://сергей.бел (Russia) https://t.me/AMDG_SIR
I also have more than 20 mining farms
constchange
commented
3 years ago @gary-rowe Thanks very much for your responses here. It helped me make real progress in saving the private key. I'm stuck on a new step and really hope you can give some suggestions:
In Dec 2013 I exported a wallet and key file, both encrypted, from multibit classic. Now I only remeber the key password, and have been trying to decrypt it lately.
I installed a multibit classic 0.5.17 from web (now I know this might be dangerous). I set a new wallet, tried to import the encrypted key, and input the password. It didn't say "could not decrypt input string" as in the case I used any other wrong password, but it said "could not understand address in import file". This case was the same as @fl0ppcom once said in this topic.
Then I tried to decrypt it externally; finally found the command openssl enc -d -p -md md5 -aes-256-cbc -a -in test.key -out decryptedtest.txt -pass pass:<my_password> after a lot of searching. The decrypt was successful. Then another problem occur. The plain text it output was like this when opened in notepad:
labokho
doge2021
willcbanks
KryptoKicks
PascalBergeron1993
I have a serious bug ! import wallet work . I see all my transfers and my saldo ''coins''
when I wanna sent some coins it ask me for password . like it always do now monts from may .
I know my password 100% here is no doubt about it .
I get the error message ► provided AES key is wrong . this is insain ! ! ! why you let me enter a password to my wallet ? not safe without a password you tell to the people . BULLSHIT + 20 BTC my own coins from 2 years pfffffff I can do nothing with it becouse off that stupid password BUG ( scam?? )
Iam now 7 days trying to fix this but nothing work . coincidentally the backup wallet and backup key also give an error . all the other files are ok from my old wallets . they are all there but there is no money on it .
the error message was "NUL" wit the backup key and backup wallet file .
I'm totally misled by multibit WTF I I knew this was going to give problems . no recovery for passwords LOL so that is safe ????? never I read anny messages for warning me becouse the danger off using a password . I know my password let that be clear . more than 23 coins WTF .
████ people if you read this do your password gone before it is to late ! ! just rar the file with password two times or 3 times . up some rar with password in gmail there it stays till we dead . for me it is to late feel verry bad what a massive scam damn ███