Recovering Your Cryptowallet

What happens when you can’t access your cryptowallet, and you have forgotten your password? Well, hopefully, you have stored the…
Photo by Simon Rae on Unsplash

abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon cactus

What happens when you can’t access your cryptowallet, and you have forgotten your password? Well, hopefully, you have stored the encryption key used by storing a 12-word phase:

So, how do we recover this? Well we can use BIP39 and which is a Deterministic Key Generation method. With this we can derive an encryption keys for a known phrase. In the BIP39 standard there are 2,048 words, and if each phrase has 12 worlds, then there are 2048¹² different permutation — giving 2¹³² different bit values (or 132 bits) . The first few words are [list]:

abandon
ability
able
about
above
absent
absorb
abstract
absurd
abuse
access
accident
account
accuse
achieve

The Golang code to covert is [here]:

package main
import (
	"encoding/hex"
	"fmt"
	"github.com/tyler-smith/go-bip39"
	"os"
)
func main() {
 ent:="00000000000000000000000000000000"
 argCount := len(os.Args[1:])
 if (argCount>0) { ent= (os.Args[1])}
 entropy,_ := hex.DecodeString(ent)
 mnemonic, _ := bip39.NewMnemonic(entropy)
 fmt.Printf("Random %x\n\n12-word phrase %s\n\n",entropy,mnemonic)
	
}

A sample run is:

Random: 00a84c51041d49acca66e6160c1fa999
12-word phrase: absent draw begin amused stand stool civil system bid genius tuna cram

To do the reverse [here]:

package main
import (
	"encoding/hex"
	"fmt"
	"github.com/tyler-smith/go-bip39"
	"os"
)
func main() {
 
mnemonic := "all hour make first leader extend hole alien behind guard gospel lava path output census museum junior mass reopen famous sing advance salt reform"
  argCount := len(os.Args[1:])
  if (argCount>0) { mnemonic= (os.Args[1])}
 res:=bip39.IsMnemonicValid(mnemonic)
 seed := bip39.NewSeed(mnemonic, "TREZOR")	
 fmt.Println("Phrase:",mnemonic)
 fmt.Println("Valid mnemonic:",res)
 fmt.Println("Seed:",hex.EncodeToString(seed))
}

A sample run is:

Phrase: abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon cactus
Password: BILL

Valid mnemonic: true
Seed: d184a269b4ea26dec12ed35e432e7d687a3b2b767a74e6b01b4009f991eda6dfbcc5f98e31409db7560a5640698094dcc190a0532f1360972e4cf3a8b594f936

For this we basically take the phrase, and then “mnemonic”+password as the salt, and perform 2,048 iterations for PBKDF2 for a SHA-512 output (512 bits). Now we will test this with Python:

import passlib.hash;
string = "abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon cactus"
salt="mnemonicBILL"
from passlib.utils.pbkdf2 import get_prf,pbkdf2
s2 = pbkdf2(string, salt, 2048, keylen=64, prf='hmac-sha512')
print s2.encode('hex')

When we run this we get:

d184a269b4ea26dec12ed35e432e7d687a3b2b767a74e6b01b4009f991eda6dfbcc5f98e31409db7560a5640698094dcc190a0532f1360972e4cf3a8b594f936

and which is the same the previous run in Golang.

Conclusions

Any there you go. The best security that you can have for cryptocurrency is to keep a paper wallet, and not put your digital wallet on-line.