ethereum / mist

[DEPRECATED] Mist. Browse and use Ðapps on the Ethereum network.
http://ethereum.org
GNU General Public License v3.0

"Wrong Password" Issues #3513

Open wolovim opened 6 years ago

wolovim commented 6 years ago

Description

For many people, creating an Ethereum wallet is the first time they'll be creating an "account" with no password recovery service. Mist and Ethereum Wallet have consistently had issues filed related to users being locked out of accounts. In the Mist UI, this is visible via a "Wrong Password" error notification when attempting to use a given wallet.

Fortunately, many of these issues are resolved by users remembering they had used a different password, or discovering they made a typo in their password, sometimes with the help of a brute force password recovery tool, like pyethrecover.

Unfortunately, many reports still exist with users certain of their password and unable to unlock their wallets. Many of these reports insist that the incident is the result of a bug in the application and we take those claims very seriously. Each of these reported issues has its own nuances as to how it occurred, e.g. moving wallets to another machine, wallet creation during onboarding, specific language keyboards, use of special characters, during Mist version upgrades, and so on. Every one is researched and we try to reproduce it.

If you're in this situation, we know you're in a very stressful position and we haven't abandoned you. We do, however, need your help. If a bug exists, our team has been unable to reproduce it yet. If you are able to, it would be of tremendous help to us if you would share the precise steps you took and your relevant system specs (OS, keyboard language, app version number, geth version number).

Specific example links:

Related issues:

NOTE: please keep this issue substantive and don't comment to say "I'm having this problem too." Use your emojis instead, please :smile:

anormore commented 6 years ago

Thank you for formalizing this problem, many of us are indeed stressed ;)

Unfortunately, I cannot recreate the situation, as I participated in the Pre-Sale event. I've got my ethereum_wallet_backup.json and my notepad document with password on it. It is a very simple password, yet has special characters as per the requirements of the presale.

I've been running every type of password cracker there is on this wallet. Currently heavily invested in Hashcat.

I suppose the big question I'd like answered is: Does this bug change the hash value because of the input error?

I would suspect it does. If a character such as ! doesn't get run as that, it would completely change the contents of my .json file to something different. Therefore, my Hashcat will never return as positive. My entire wallet file is now useless, isn't it?

Unless we can figure out what the ! character has become, then I can retry running my Hashcat with a formula.

Do you still have access to stage.ethereum.org's code? Is there a way we can reproduce the pre-sale problem? Sincerely,

anormore commented 6 years ago

Please reference this bug report, as you can see, it has existed for a long time with PreSale wallets.

https://github.com/ethereum/mist/issues/182

oldmate89 commented 6 years ago

:+1:

0x7969 commented 6 years ago

Hey, thanks for the heads up, is "wallet creation during onboarding" supposed to describe wallets that were created while nodes were still syncing? That's what I did and I've seemingly got the problem as well. I tried installing Mist on a rather old netbook which never managed to finish downloading all blocks (maybe not enough RAM). As the netbook was obviously too slow, I tried opening the keystore file with myetherwallet (there's not much on it, but still…), then noticing my password wouldn't work. Could it be because it hasn't finished syncing?

funsh1ne commented 6 years ago

Hi Ethereum Team, Thanks for giving us an official update. @evertonfraga to help you gather info on #3539, my keystore files were created 6/16/2016 and 6/24/16. The password contained multiple special characters, which have already been discussed as an issue. The last transaction I was able to send out from the wallet with the same password was 552 days 4 hrs ago. Hope this helps with identifying the problem.

Specs: MacOS High Sierra 10.13.2, Keyboard Language: English, Running Ethereum Wallet 0.9.3 synced with light client.

evertonfraga commented 6 years ago

@funsh1ne would you please try this? https://github.com/ethereum/mist/issues/982#issuecomment-247409749

evertonfraga commented 6 years ago

⚠️ ⚠️ Calling all users that can't access their accounts. ⚠️ ⚠️ Please help us get more structured information about your "Wrong password" issues.

https://goo.gl/forms/jznmHV6Fpui7Ijds1

evertonfraga commented 6 years ago

@anormore I'll try to find the presale wallet generator.

frufru99 commented 6 years ago

I followed the instruction from the google form and after 6 months I could unlock my account!! I used the geth account update method, I don't know if that's normal behavior or not, account 0 and 1 had the same address. But I'm sure it's not good to also have two separate keystore files for the one address, which I had. My password that didn't work inside the wallet unlocked one account here, I changed the password and after that I was able to send the coins from myetherwallet. Thanks for the help!

anormore commented 6 years ago

I've been chatting over at the HashCat forums, where Philsmd has given a great amount of insight in to this, from an outside perspective.

https://hashcat.net/forum/thread-7181-post-38590.html#pid38590

Here are the cliffnotes:

Thanks @evertonfraga for digging that out. I'll spread the word about your Google Form.

sebd-davra commented 6 years ago

Maybe the problem only happens when the funds have been transferred to the wallet, a rewrite of the UTC file ? Just an idea. The only thing I cannot reproduce is the money transfer and maybe cannot reproduce the issue because of this.

evertonfraga commented 6 years ago

@anormore have you tried importing from C++ ETH? What is the "version" of your keystore, as we can see on the issue below

Follow this issue: https://github.com/ethereum/mist/issues/2097

anormore commented 6 years ago

Well, I'll have a look -- but it's a PreSale wallet from August 2014. I've tried the Kraken presale importer, myEtherWallet with no luck. But I'm not really certain what tool will FOR SURE open my wallet. I'll check your solution in #2097

anormore commented 6 years ago

I'm not sure how to proceed on determining version. Would you like me to submit a copy of my wallet to you?

oldmate89 commented 6 years ago

I too am having the same issue. I have tried on both MEW and Kraken. I was using an English (Australian) keyboard layout.

I will try importing on Geth, however my understanding of the Go language is limited. Are there any detailed instructions available that anyone would recommend?

evertonfraga commented 6 years ago

A user managed to recover his password playing with different types of accentuation characters. Mind the differences between ^ and ˆ and consider it on your password recovery process.

From a Mac computer:

```js
> "^".charCodeAt(0)
> 94
> "ˆ".charCodeAt(0)
> 710
```

In Windows computers, I believe the similar result can be accomplished as:

More info here: https://github.com/ethereum/mist/issues/2077#issuecomment-310897624

SasaETH commented 6 years ago

Hello, about one year ago I installed wallet version 8.1 and the blockchain was about 120gb. I made a password and wrote it on paper. Also I transferred 1 eth into the wallet and with that password I sent it back to my poloniex account. Everything was great and successful. After that I made several transactions in my wallet and everything is visible on the blockchain. After a few months I bought a new laptop and installed the wallet again with my wallet key. Now when I try to transfer my eth to any exchange I get a message that the password is wrong. I see that my blockchain is about 23 gb now. Could that be the problem? If that is the problem, how do I get the blockchain with 120gb?

anormore commented 6 years ago

Hey @evertonfraga, I used the Staging.Ethereum website to create my wallet. I'm wondering what OS and character set your computer used? I've got a pretty solid Hashcat job running now, and can load in special characters.

So, what are the outcomes if I had entered !Password1 in to your website from a Windows / Mac computer? What if my keyboard is set to French/English, is the ! treated as a different character, which generates an entirely different wallet hash?

evertonfraga commented 6 years ago

@anormore The use of ! might suggest string truncation, but unlikely to have happened during presale, only when created via stdin.

Associated risks with use of the specific ! character between languages are low to unknown.

p0mmi3 commented 6 years ago

@evertonfraga

Tried to truncate the password too, tried both, by including ! and without it. :/ No cure. Any other known issues with $ # or @ ?

sebd-davra commented 6 years ago

I have only alphanumeric characters and I copy pasted from keepass then this method is not working.

anormore commented 6 years ago

@evertonfraga May I ask what work is being done at Ethereum to rectify this issue? How serious is this to your organization? Are you simply collecting data, or is this a larger issue at the office? It's nice to see this is an officially recognized issue, but what does that mean for us and the community?

alxlv commented 6 years ago

@evertonfraga, Have you ever tried to reproduce issues with empty Mist password when Skip button used? Is it possible with old versions of geth/mist (May release 0.8.10)? Can you run a round of tests for this case? I have been running the hashcat tool for about two months but still without success.

evertonfraga commented 6 years ago

@anormore I am collecting and organizing the information that was spread throughout various issues. I've read the entire history of people with password issues, and I've raised some questions, which I put on that form, which I consider the best way to do so.

@marcgarreau and I have conducted several tests, trying to reproduce this issue but couldn't until now. The existence of a software issue is still unconfirmed, meaning that there aren't any successful reproducible steps, neither from the community nor the team. We're relying on reports, from different classes. Some examples include:

I believe this is a tough subject with several other classes of issues, and I want to stratify, and ultimately, solve them.

We'll use this place as "rally point" regarding this issue and keep you informed of our efforts.

anormore commented 6 years ago

Thanks @evertonfraga this statement alone makes me feel less stressed.

r3lax3d commented 6 years ago

I am sorry to write in my role as IT Delivery Manager here. Not to abuse people and slow down the positive input here but this is a MAJOR issue that should have high priority and is OS type, Mist, Wallet and Geth version independent. Mist Version 0.9.2 also creates this issue. I am missing a taskforce here. High impact on future usage of Ethereum it's blockchain. Two years and no detailed test reports ? How many people are involved ? Why is this not on the agenda of the Ethereum Core Devs Meetings.

p0mmi3 commented 6 years ago

@r3lax3d

Were you able to recreate this issue in any of the versions of mist after the first attempt or the original locked out account? Or are still able to recreate it?

r3lax3d commented 6 years ago

@pavneet09 Hi there, After a hectic day of troubleshooting and try-outs I will backup files which are created and still on disk from first installation on the 4th of Nov. 2017. And I will start tomorrow with a clean sheet more structured way to either solve it or recreate the issue. Keep you informed and please do a recap of the type of files you are interested in. Thnx in advance. P.s my env. is Fedora 27

p0mmi3 commented 6 years ago

I have been trying to recreate the issue on pretty much all available versions of Mist just to send the input to the Dev team. As mentioned earlier the team has not been able to recreate the issue, and after being on these password threads for months, it seems no one has been able to recreate it after the first off chance, which makes fixing it all the more difficult. I understand the frustration as I am in the same boat as you, but let's hope one of us is able to recreate it, which will go a long way towards getting this fixed! Good luck!

r3lax3d commented 6 years ago

I agree. That's why we have to reproduce it exactly. I will start a clean install. Create the password while the blockchain still isn't synced and so on. Is there a possibility to create more debug info? We'll see. Thanks so far!

KuzmichE commented 6 years ago

created the address ethereum on June 11, 2017 in the ethereum wallet. Before translating all the funds from Poloniex, I made a test transaction. The password worked. it was July 30, 2017, the password was immediately written down on paper. Now installing on a new system, the wallet says that the password is not correct. Also does not work through the site myetherwallet.com.

ontheronix commented 6 years ago

Isn't it more efficient to reverse engineer the passwords instead of trying to reproduce the problem?

anormore commented 6 years ago

@ontheronix no -- We need to reproduce the problem, in order to reverse engineer a password. I'm currently running 50 billion password combos a day. Semi-blindly.

ethtester commented 6 years ago

@anormore how are you running 50 Billion combos a day? I assume it is pre-sale and not a Mist Scrypt encrypted wallet?

anormore commented 6 years ago

Running a GTX 1080, we've got a decent thread started here: https://hashcat.net/forum/thread-7181.html

I was wrong, not 50 billion, but 34,359,738,368 is pretty close ;)

Yes, Ethereum Pre-Sale wallet from August 2014.

Klusjesman commented 6 years ago

I am running Mist 0.9.2. There was never a question about a password. I have a lot of wallets for all kinds of coins and did only set a password when it was required. For the Mist wallet it was not required (or empty string). I am 100% sure, since I created the wallet only 2 months ago. Also I am using the same password on all my coin wallets. This password does not work either.

7iain7 commented 6 years ago

I have the same issue. I have two accounts in my wallet with the same password. The main wallet is ok, but account 2 keeps saying wrong password, yet it has the same password as account 1. For me it's only a small amount (0.09), but I really feel for people with larger amounts.

SasaETH commented 6 years ago

Hello, about one year ago I installed wallet version 8.1 and the blockchain was about 120gb. I made a password and wrote it on paper. Also I transferred 1 eth into the wallet and with that password I sent it back to my poloniex account. Everything was great and successful. After that I made several transactions in my wallet and everything is visible on the blockchain. After a few months I bought a new laptop and installed the wallet again with my wallet key. Now when I try to transfer my eth to any exchange I get a message that the password is wrong. I see that my blockchain is about 23 gb now. Could that be the problem? If that is the problem, how do I get the blockchain with 120gb?

7iain7 commented 6 years ago

Although it's usually OK, sometimes if you copy and paste a password it is possible to copy white space at the end of password. Try manually putting the password in if you have not already tried.

7iain7 commented 6 years ago

This is a long shot: if you have used the `@` in your password, try using %40 instead of @.

anormore commented 6 years ago

No kiddin? I'll try this for SURE.

sebd-davra commented 6 years ago

And if we have only alphanum characters (hex characters abcdef0123456789) but a 64-character password, what can we do?

7iain7 commented 6 years ago

There is a small possibility @ got converted to %40: https://stackoverflow.com/questions/9193078/converted-to-40-in-httppost-request

anormore commented 6 years ago

@Sebd-darva that sucks man, that's a LONG password to try and crack. I'm taking offers to try and crack passwords, I've got everything setup smoothly and am pretty adept at it now. If you're confident you don't have special characters, and you know it's 64... It seems likely I can help you. Maybe..

sebd-davra commented 6 years ago

Ok if you can help me :)

anormore commented 6 years ago

Send me an email at AndrewNormore@Gmail.com

oldmate89 commented 6 years ago

Thanks @7iain7 - that is really helpful. Has anyone used this with their wallet to resolve their wrong password issue?

Applying the same logic - see attached link which would show conversion of other characters: https://www.obkb.com/dcljr/charstxt.html

p0mmi3 commented 6 years ago

I believe if it was an issue of conversion then the whole string would get converted instead of just the special characters.

Having said that, I just tried the options of using all terms as HEX, just the special character, each special character separately, but unfortunately that did not work..

7iain7 commented 6 years ago

Would you just try one more thing please. Only change the @ to %40 and leave the rest of the password as is.

p0mmi3 commented 6 years ago

Just tried that too, unfortunately nothing changed and the yellow wrong password box continues to haunt :/
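
The variations suggested in the comments above (`^` versus `ˆ`, whitespace picked up by copy and paste, `@` converted to `%40`) can be enumerated for a password you remember instead of being typed one at a time. This is an added example, not part of any comment in this thread and not Mist or geth code; the function names, the sample password and the lookalike pairs other than `^`/`ˆ` are assumptions.

```javascript
// Lookalike pairs: only ^ / U+02C6 comes from the thread, the others are assumed analogues.
const LOOKALIKES = [
  ["^", "\u02C6"], // circumflex (94) vs modifier letter circumflex (710)
  ["~", "\u02DC"], // tilde vs small tilde (assumption)
  ["'", "\u00B4"], // apostrophe vs acute accent (assumption)
];

// List every character with its code point so a non-ASCII lookalike is visible.
function describeCodePoints(password) {
  return Array.from(password, (ch) => {
    const cp = ch.codePointAt(0);
    const hex = cp.toString(16).toUpperCase().padStart(4, "0");
    return { ch, codePoint: "U+" + hex, ascii: cp < 128 };
  });
}

// Swap each character for its lookalike, in both directions.
function lookalikeSwaps(password) {
  const out = [];
  for (const [a, b] of LOOKALIKES) {
    if (password.includes(a)) out.push(password.split(a).join(b));
    if (password.includes(b)) out.push(password.split(b).join(a));
  }
  return out;
}

// Build a de-duplicated list of candidates for one remembered password.
function candidateVariants(password) {
  const base = new Set([password, password.trim()]);
  for (const p of [...base]) {
    lookalikeSwaps(p).forEach((v) => base.add(v));
    base.add(p.normalize("NFC")); // composed accents
    base.add(p.normalize("NFD")); // decomposed accents
    base.add(p.replace(/@/g, "%40")); // only @ converted
    base.add(encodeURIComponent(p)); // whole string URL-encoded
  }
  const all = new Set(base);
  for (const p of base) {
    for (const ws of [" ", "\n", "\r\n"]) all.add(p + ws); // pasted trailing whitespace
  }
  return [...all];
}

// Constructed sample password with a trailing space, for illustration only.
const SAMPLE = "P^ss@word ";
console.log(describeCodePoints(SAMPLE).filter((c) => !c.ascii));
console.log(candidateVariants(SAMPLE).map((v) => JSON.stringify(v)));
```

The resulting list can be written to a file, one candidate per line, and used as a small wordlist with a recovery tool such as the ones mentioned in this thread.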