
Welcome to mnemonic hell.
On December 19th, 2020, Miguel Cuneta (@MiguelCuneta) tweeted: "Helping a friend recover his old blockchain wallet from 2013. Crossing my fingers for him because the $50 he won from our UFC betting is now $3000+"
Miguel sent us 17 words, a wallet.aes.json and a bunch of hints, like his friend's name, the year and month he created the wallet and some variations of the password.
Immediately we started brute-forcing the password using custom-made algorithms and our custom-built password cracking servers. Oh, how little we knew about how the next couple of weeks would unfold.
Even with the simplest hints, our algorithm can find a Bitcoin wallet password with up to several errors: adding random characters in between, removing characters, and prepending or appending random characters and words. In most cases this will work if the hints are anything close to the final password. We had good hopes, as the wallet itself was a blockchain.info V1 wallet, against which we could try almost 300 million different passwords per second on one big GPU server. And we have many…
Let the battle begin!
Like the old siege of Jerusalem, we tried with sheer force. Our algorithm tried all possible combinations up to 13 characters without luck.
1 week passed. We thought there must be another way.
Luckily, Miguel sent us a 17-word sequence called a mnemonic seed. Unfortunately, it is not supported anymore by blockchain.com. Instead, they now use a 12-word mnemonic from a 2048-word list that is your private key encrypted.
The old mnemonic was your wallet ID and password encrypted using a variety of words. But the word lists were nowhere to be found. They could be anything from 15 to 21 words or more. They had three different encryption variations and used a different iteration count (the number of times the password was encrypted using that specific algorithm). Traditional mnemonic seeds used with Ledger, Trezor, Electrum or Bitcoin Core wallets were...