Generating A Lost Password By Traveling Back In Time

It’s probable that some of you reading this will have been approached in the past by people who’ve lost the password to their crypto wallets. They hear that you’re involved in some kind of “hacking”, and they cling to the forlorn hope that you might just be able to recover their lost wealth. For most of us there’s little chance we can help, but in [Joe Grand]’s case he has made it something of a specialism. He’s given an account of how he and a friend recovered a particularly difficult password.

The password in question, a long random string that was impossible for its owner to remember, had been generated by RoboForm. The only chance of finding it lay in discovering a flaw in RoboForm, and that seemed hopeless until the discovery of a changelog reference to improving the random number generation of the software.

The video below details some of the detective work required to find the password: first reverse engineering an old version of RoboForm to find the flaw, and then the discovery that the random seed was derived from the system time. The range of passwords that could have been created in a given time frame could therefore be regenerated, considerably improving the odds of finding the right one. The story is not without its twists, but it ends with the wallet’s owner rather theatrically being presented with a giant fake Bitcoin check.
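The flaw described above, as an added C example that is not from the article, the video or RoboForm: a constructed toy generator whose output depends only on a one-second timestamp, the loop that regenerates every candidate in a time window, and a replacement that draws from the OS CSPRNG. The LCG, character set, timestamp and function names are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define PW_LEN 16
/* 64 symbols, so a 6-bit random value maps onto them without bias. */
static const char CHARSET[] =
    "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789!@";

/* Toy LCG constructed for this example (not RoboForm's generator). */
static uint32_t lcg_next(uint32_t *s) {
    *s = *s * 1664525u + 1013904223u;
    return *s >> 26;                      /* top 6 bits: 0..63 */
}

/* Weak: the password is a pure function of the one-second timestamp. */
void gen_weak(uint32_t seed_time, char out[PW_LEN + 1]) {
    uint32_t s = seed_time;
    for (int i = 0; i < PW_LEN; i++) out[i] = CHARSET[lcg_next(&s)];
    out[PW_LEN] = '\0';
}

/* Regenerate every candidate in [start, end]; return a matching seed or -1. */
int64_t find_seed(const char *target, uint32_t start, uint32_t end) {
    char cand[PW_LEN + 1];
    for (uint64_t t = start; t <= end; t++) {
        gen_weak((uint32_t)t, cand);
        if (strcmp(cand, target) == 0) return (int64_t)t;
    }
    return -1;
}

/* Hardened: every symbol comes from the OS CSPRNG; returns 0 on success. */
int gen_strong(char out[PW_LEN + 1]) {
    unsigned char buf[PW_LEN];
    FILE *f = fopen("/dev/urandom", "rb");
    if (!f) return -1;
    size_t n = fread(buf, 1, PW_LEN, f);
    fclose(f);
    if (n != PW_LEN) return -1;
    for (int i = 0; i < PW_LEN; i++) out[i] = CHARSET[buf[i] & 63];
    out[PW_LEN] = '\0';
    return 0;
}

int main(void) {
    char pw[PW_LEN + 1];
    uint32_t created = 1368000000u;       /* constructed timestamp */
    gen_weak(created, pw);
    /* A 30-day window holds 2,592,001 candidates (about 21 bits), not 64^16. */
    printf("%s <- seed %lld\n", pw,
           (long long)find_seed(pw, created - 1296000u, created + 1296000u));
    return 0;
}
```

The strength of the weak generator's output is bounded by the number of seconds in the plausible creation window, regardless of password length or character set.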

5 thoughts on “Generating A Lost Password By Traveling Back In Time”

  1. time(NULL) is not the most secure method of seeding a PRNG, I think banging your fists on the keyboard would be more random. We can iterate through all times in a given range to find the state which corresponds to the input seed. In C we could check billions of passwords per minute.

        1. SSH does the same thing when generating a public key. However, it’s combined with system random values thereby not relying on either one to be entirely random.

  2. See. That’s why I just use the same Password1! for everything.
    Completely off-topic… Why don’t secure systems have increasing time delays between specific user attempts?
