Hello There, Guest! Login Register

See your banner advertised here



Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Hard Lesson on Wallet Encryption - Test Your Wallets FIRST
#1
http://bitcoinmacroeconomics.com/2014/04/13/hard-lesson-i-want-to-share-with-others-wallet-qt-encryption/

Hard Lesson I Want To Share With Others – Wallet QT & Encryption
by woodman • April 13, 2014 • 15 Comments

I have a very hard lesson that I feel is important to WARN others about. I’ve have a wallet QT that will not send and I want to share a couple of points that I feel are important and are not disclosed, so I will here.

I “invested” in Litecoin and was careful to read instructions for a couple of months before jumping in as i wanted to do everything correctly. I set up the Wallet QT with the download and the wallet received coins fine, but since I had not planned on selling any, I had never had the need to “SEND”.

Before all of that, I encrypted the wallet and was very careful with the passphrase and I set it up and made multiple copies, wrote it all down, and had the passphrase written down in multiple places, so it’s not a matter of me losing it.

What I learned:

1. Never load wallet with any real amount of coins UNTIL you know that it sends properly, so you don’t run into the same problem as I did.

2. Always get the private key before encrypting the wallet, because once I was locked out, I could never get the private key, and having that I may have been able to import that wallet.dat file into another machine and QT, but could not because the private key was not able to be had.

3. **** (see below with update) ADD RECEIVE ADDRESSES AFTER ENCRYPTIONTHIS IS NOT THE PROBLEM AFTER TESTING, ELIMINATE #3. RECEIVE ADDRESSES CARRIED OVER AFTER ENCRYPTION WHEN TESTED IN QT. PROBLEM IS COMING DOWN TO #1. OR #2. OR A FLAW IN DESIGN OF WALLET QT AND LACK OF PROPER TESTING OF WALLET. 4-19-14



I had help from an engineer. He ran two different software programs. He tried to bruteforce attack the wallet, but was unable to.

Since I had the passphrase written down, I gave it to him (I had no other choice) in hopes that that would help him bruteforce it or use it to crack it with software like Crunch. We both thought that would resolve it as I had the passphrase written down.

Both methods did not work, despite having the passphrase, which brings me back to the Private Key.

Like I said, I researched this wallet QT for a couple of months and was very careful in studying up on the encryption part and was aware of the warnings, especially writing it down and making sure not to lose it. What I think it comes down to getting the Private Key before any encryption.

I want to give a FAIR WARNING to anybody and everybody about this. I do not want this to happen to anybody else, let alone have them lose money, or a significant amount, or any amount.

I do not feel as though this was disclosed in a manner one would expect given the outcome. I have to take full responsibility, but I also have to give a FAIR WARNING to others, to take heed. I wouldn’t wish this upon anybody else.

I’m curious why the two lessons (see #1. and #2. are not disclosed on the official website of Litecoin) are not clearly discussed on http://www.litecoin.org?

It is one thing to be able to RECEIVE, it is another thing to not be able to SEND. I tried getting help but was told I lost the passphrase or screwed up in encryption somehow. I still do not see how.

The engineer that helped me was able to tell me that it was not a matter of capital letters or being one letter off, etc. But then again, he was unable to bruteforce it at all. That is where it came down to the Private Key issue. He said with that, there would at least be a possibility, but that is where it lies for now.

I do not see anywhere that it says to get the Private Key before encryption. One would think that would be an important point to have on a homepage, rather than not being properly disclosed, with instructions coming from a multitude of forums.

I guess if any Alt Coins want any real credibility in the real world, they will have to do a proper job of disclosing things, as i feel kind of stupid, but not stupid to the extent that they accused me of losing my passphrase which is not true. Given the fact that it would not allow Bruteforce attack makes me wonder even still what the cause was, perhaps I will never know. But it is important to let others know the lesson, as this didn’t go so well as an “investment”. I never got the feeling that Litecoin really cared, but their lack of disclosure is telling enough.

Perhaps the technology will change and eliminate these problems. Perhaps there is a solution. All of which, this could all be avoided, and needs to be fixed before this currency can even expect to go mainstream. After all, it is disclosed to encrypt. And it was, and it was written down.

FAIR WARNING TO ALL. 1HE858Ln14qUWdwv48dwnkCyXMQUeTaDCY

Donate if you feel this was helpful and you feel coins need to disclose all, because they are not. So I did.

ADDITIONAL READING: https://en.bitcoin.it/wiki/How_to_import_private_keys *Note this is BTC info, though I had issue with LTC, and that’s the problem.

Below is NOT accurate. Someone tested this and the below is not “true”. Through process of elimination, #3. is not the problem for this very reason. 4-19-14

3. ******(UPDATE) I was asked if I added RECEIVE ADDRESSES before or after encryption, and I set up the RECEIVE addresses before I encrypted, as I recall. That was one of the first things that I remember doing, but we are going back to last year! I was told that if I set up RECEIVE addresses before encryption, then that is my problem. The reason apparently is because when you encrypt, it throws out the old keys for the addresses. Nowhere do I recall seeing this stern warning, ever. But this sounds right, but how was I to know? So now it comes down to whether I have a backup of the wallet from before encryption (which was before I received any coins). Decryption is also a possibility, but nobody knows how that is done in this situation. Above is not accurate, so this eliminates #3. 4-19-14

So let it be a warning, since this is not BOLDLY disclosed on the http://www.litecoin.org homepage from what I can tell, is DO NOT LOAD A WALLET with coins until AFTER encryption, because it generates new keys for the receive addresses. (Not accurate or true as when tested, disregard, see “blue” text which eliminates #3. as being problem, this information was wrong information and proven wrong when tested.)

So I was told I lost the passphrase or inputted it incorrectly. I do not believe that to be the case. I do believe that what happened was I set up RECEIVE addresses prior to encryption, and then when I encrypted, it caused me grief. This sounds accurate. This is the hard lesson I am thinking is the problem. Once arriving at the problem, the lesson can be learned. Whether or not there is a solution remains to be seen.

I will say this, the instructions for the wallet QT’s need to properly disclose the pitfalls in advance, with a step by step, because users of cryptocurrencies shouldn’t have to learn the hard way. It shouldn’t come to months of trying to figure out the problem, only to have to help instruct others, but this is what it came to. There needs to be a manual that points this out. I have.

What to avoid. #1, #2, and #3. I think these are sound points to be made and should be posted clear as day. Again, I don’t want anyone learning the hard way. Seems like #3 is where I screwed up, having to take full responsibility. Seems to me this could all be avoided. Development is one thing, basic instructions and warnings to the users is another. After testing, #3. IS NOT THE PROBLEM AS WHEN TESTED, THIS WAS NOT THE CASE, WHICH ELIMINATES #3. AS THE SOURCE OF PROBLEM). THIS MEANS THAT PROBLEM IS GOING TO BE #1. OR #2. AS THE PROBLEM OR LITECOIN HAS A FLAWED WALLET, ONE THAT THAT WAS NOT PROPERLY TESTED. 4-18-14

5-5-14 Notes:

Digging through encryption or bin/ 32/ litecoin-qt and come across the following and don’t know if it is jibberish or what, probably, but worth noting.

Warning: error reading wallet.dat! All keys read correctly but transaction data or address book entries might be missing or incorrect.

“Warning wallet.dat corrupt, data salvaged! Original wallet.dat (timestamp).bak in %s if your balance or transactions are incorrect you should restore your backup bitcoin.core

You must set rpcpassword in configuration file”

Found more stuff I could read. Don’t know if it is even real or just encrypted garbage or fluff I found.

http://cur.lv/952hw


Attached Files Image(s)
   
 
Reply
#2
Dude, you're scaring the crap out of me!
I also have a Litecoin QT which I believe is encrypted and I can't remember if I ever spent a single one.
I will have to check soon!

PS - It would help tremendously if you would be kind enough to either make paragraphs or ask MMH to do it for you.
 
Reply
#3
(03-06-2015, 12:36 AM)CoinHD Wrote: Dude, you're scaring the crap out of me!
I also have a Litecoin QT which I believe is encrypted and I can't remember if I ever spent a single one.
I will have to check soon!

PS - It would help tremendously if you would be kind enough to either make paragraphs or ask MMH to do it for you.

 
 
Reply
#4
(03-06-2015, 12:36 AM)CoinHD Wrote: Dude, you're scaring the crap out of me!
I also have a Litecoin QT which I believe is encrypted and I can't remember if I ever spent a single one.
I will have to check soon!

PS - It would help tremendously if you would be kind enough to either make paragraphs or ask MMH to do it for you.

I doubt you would have the same problem, but do test it, there have been some people that have had problem.
The original post has the paragraphs and didn't carry over. Refer back to the original.
Lesson learned, always test your wallets before you put any real amount of coin in it. Make sure it sends and receives after you encrypt it and once you know, start stackin, not until. This one hurt.
 


 
 
Reply
#5
So after reading your post, I checked out my QT and saw that I never spent a single litoshi from it.
I've had this wallet for over a year and it is encrypted.
I spent the past 5 hours synching it from the previous 14 weeks!

I just tested it and Yay!!!Smile
I'm happy to say I have successfully sent 1 Litecoin to myself at an exchange account.Big Grin

PS - I have to say that Litecoin confirms superfast compared to Bitcoin right now!
 
Reply
#6
It was really painful reading that post for two reasons:
 
  1. Formatting. If you really want this to be of any value to anyone here, you should edit the post and add formatting. 
  2. Your broken wallet has obviously caused you significant grief.



I have to say, if I understand correctly, that I have never heard of any issues due to when encryption was applied to the wallet, and to me it still sounds like a forgotten password.

How much Litecoin is in the wallet?
What OS is on the machine with the wallet? 

Not sure if you've given up at this point or not, but you shouldn't. There may still be hope.

​TT

EDIT: not a "forgotten" password, but a password issue. Seems certain it was not forgotten, but still seems to me that the issue leads back to the password in one way or another.
 
Reply
#7
Linux Mint, probably Ubuntu at the time...
I never lost the passphrase I can assure you of that. I learned a few things with this lesson, and also realized Litecoin isn't worthy.
 
Reply
#8
(03-06-2015, 10:52 AM)btcmacroecon Wrote: Linux Mint, probably Ubuntu at the time...
I never lost the passphrase I can assure you of that. I learned a few things with this lesson, and also realized Litecoin isn't worthy.


Did you check out all the links from your comment section?

I saw this comment on a page from a link.

"t's possible that Ubuntu uses a different keyboard layout to the one you're trying to open the wallet on. The letters you think you're typing are actually not the ones the computer is seeing. Have you still got the Ubuntu boot disk? If you have, boot into it, open a text editor, and type the password. Make sure it appears the exact same way as you're typing. Symbols, punctuation, and the characters on the lower left of your keyboard are the ones to check most vigerously. This is a very plausible explanation, and has caught me out in a different situation perviously. –  Anonymous Dec 6 '13 at 3:51"

http://bitcoin.stackexchange.com/questions/18100/need-help-with-encrypted-wallet-dat-i-cant-access-it-with-my-expected-pass-phr

Just checking, have you looked up your balance on a block explorer?

The reason I asked what wallet you used, was the thought that it might have been a wallet from someone else, not allowing money to be taken out, but I see you said that it was straight from the litecoin page. I don't know if there was ever a look-a-like Litcoin page with a mispelling or anything. Just an idea.

It does sound like it has to do with the encryption after already having your addresses, scary stuff!

Did you check out this thread, I know it's long, but someone said they found a solution and posted about it in post #312
https://bitcointalk.org/index.php?topic=85495.msg3882236#msg3882236

That may not be exactly what you're looking for, since you said you tried to brute force it already.

Edit: Also check out this page: http://www.walletrecoveryservices.com/information.html

http://www.whatscryptocurrency.com
 
Reply
#9
Yah i researched this one tough....I haven't given up but been several months!
Yah i remember that unbuntu layout, but that just keeps me diving down a hole and lot of high tech stuff, esp now that I'm onto to Linux mint, but i'll keep that in mind....I don't have the ubuntu disc per se, i do have the Linux Nadia 14 disc and think that had the Ubuntu. I'll keep this all in mind....

i did check the blockchain several times and the coins still sit there!

Thanks for the helpful information, I can only keep trying and learning....tough way though. Litecoin was thinking keyboard layout...but where does a guy like me go? Not everybody is an expert in encryption, their computer, ubuntu, computer language and keyboard layout, I mean let's face it, i followed the instructions i found and nowhere was any of the basic stuff disclosed. Again, test your wallets with faucet chump change and make sure your wallet receives AND SENDS before loading it with any real amount of coin. That's the thesis statement right there and what I want to convey to others the most. i can't believe that is not disclosed and nor did i get the feeling anybody really gave a rats ass either.  I can see why Litecoin is at the price it's at.
 
Reply
#10
The lesson here, to check the functionality of a wallet before depending on it to function properly, is a good message for everyone, regardless of what actually happened with your situation.

That said, I have two suggestions:

You said that the brute force attempts tried different variations on the characters in your passphrase. Did you try variations in your spaces? Two spaces instead of one or no spaces at all? I'd try this randomly between the words in the passphrase.

More obscure possibly could be this: I deal with text files quite a bit in my job. I am aware that the hexadecimal encoding of "ENTER" is different between ASCII and EBCDIC. This causes problems for us sometimes when someone creates a text file on a mainframe machine because the "end of line" representation on a main frame (EBCDIC) has a hex value of 0A (Line Feed) but most modern systems represent the end of line as 0A0D (Carriage Return, Line Feed).

Maybe this is all BS, but you mention a non-standard keyboard, so I'm wondering if it's possible that you hit Enter after putting in your passphrase, and it added an invisible character, a Line Feed (hex 0A) to the end of the passphrase.

This is really a long shot, but I think you can type a LF only (instead of CRLF) on a modern keyboard as alt+10 (http://www.theasciicode.com.ar/ascii-control-characters/line-feed-ascii-code-10.html) so maybe try it by entering the passphrase then alt+10, then hit the regular Enter key or Okay button or whatever and see what happens.

​TT
 
Reply
  


Possibly Related Threads...
Thread Author Replies Views Last Post
  Darkcoin / DASH wallet needs upgrading MakingMoneyHoney 3 257 03-30-2015, 06:04 PM
Last Post: MakingMoneyHoney
  Making Paper Wallets with BitcoinPaperWallet.com MakingMoneyHoney 0 174 03-17-2015, 12:49 PM
Last Post: MakingMoneyHoney
  Ledger introduces “hardware” BTC wallet bitcoincasino.info 0 225 01-02-2015, 09:12 AM
Last Post: bitcoincasino.info

  • View a Printable Version
  • Subscribe to this thread
Forum Jump:


Browsing: 1 Guest(s)