When you choose your password through Multibit’s user interface, the software passes it as an argument to the PKCS5PasswordToBytes method, which is part of the Spongy Castle library. This method accepts the password as a char array and returns it as a byte array, which is later used to either encrypt or decrypt a .key file. Below is how the method is implemented in the PBEParametersGenerator.java file. Can you spot the bug?
public static byte[] PKCS5PasswordToBytes(
    char[] password)
{
    // One output byte per input char, although a Java char is two bytes wide
    byte[] bytes = new byte[password.length];
    for (int i = 0; i != bytes.length; i++)
    {
        // The narrowing cast keeps only the low-order byte of each char
        bytes[i] = (byte)password[i];
    }
    return bytes;
}
In Java, the char type is made up of 2 bytes; however, the code above assumes that a char is made up of only one byte! Thus, for each char processed in the loop, the low-order byte is kept while the high-order byte is discarded. Under the right circumstances, this can become an issue.
Since Java relies on the UTF-16 BE charset, Multibit encodes the password as 20 AC when it is entered in the user interface. When it is converted through the PKCS5PasswordToBytes method, the high-order byte (20) is dropped whereas the low-order byte (AC) is kept.
Unlike with our previous example, AC is not the proper encoding for our password in any of the charsets above. As such, a password cracker may fail to decrypt the .key file even with the correct password.
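To make the effect of the narrowing cast visible, here is an added Python reproduction of what the Java method does to a password (this is example code written for this article, not Multibit's or Spongy Castle's own code). It takes the UTF-16 code units that a Java char[] would hold, keeps only the low-order byte of each, and compares the result with the byte strings a password cracker would produce under common charset assumptions. The sample passwords are constructed for illustration; the Euro sign (U+20AC) is the 20 AC case discussed above.

```python
"""Reproduce the byte truncation performed by PKCS5PasswordToBytes.

Added example, not code from Multibit or Spongy Castle.
"""


def pkcs5_password_to_bytes(password: str) -> bytes:
    """Mirror the Java cast: one byte per UTF-16 code unit, high byte dropped.

    Encoding the str as UTF-16BE yields exactly the code units a Java char[]
    holds (two bytes each, big-endian); taking every second byte starting at
    offset 1 keeps the low-order byte of each unit, as (byte)password[i] does.
    """
    code_units = password.encode("utf-16-be")
    return bytes(code_units[1::2])


def encodings_a_cracker_might_try(password: str) -> dict:
    """Byte strings a cracker would feed to the KDF under common charset
    assumptions, or None where the password cannot be encoded in that charset."""
    result = {}
    for charset in ("ascii", "latin-1", "utf-8", "utf-16-be"):
        try:
            result[charset] = password.encode(charset)
        except UnicodeEncodeError:
            result[charset] = None
    return result


def matching_charsets(password: str) -> list:
    """Names of the charsets whose encoding equals the bytes Multibit really
    derived. An empty list means a cracker that only tries these charsets will
    never reproduce the key bytes, even with the correct password."""
    actual = pkcs5_password_to_bytes(password)
    return [
        name
        for name, encoded in encodings_a_cracker_might_try(password).items()
        if encoded == actual
    ]


if __name__ == "__main__":
    # Constructed sample passwords: pure ASCII, a Latin-1 character, the Euro sign
    for pw in ("secret", "caf\u00e9", "\u20ac"):
        print(repr(pw), pkcs5_password_to_bytes(pw).hex(), matching_charsets(pw))
```

For characters below U+0100 the truncated byte happens to coincide with the ISO-8859-1 encoding, which is why a cracker assuming Latin-1 still succeeds on such passwords; for any code point at or above U+0100 (the Euro sign, or a surrogate pair for an emoji) no standard charset produces the same bytes.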
What are your options?
If you haven’t done so already, you should try to unlock your wallet through Multibit Classic directly. Unfortunately, this approach quickly becomes impractical if you are unsure of your password and must type in every guess. In such a case, you will need a password cracker.
You can avoid the bug described in this article by using the password cracker on a .wallet file instead of a .key file. While this approach beats typing in every guess, it scales terribly as the .wallet file has much better protection against password crackers than the .key file. Moreover, some of these tools have their own set of character encoding issues you should be aware of.
If you use the password cracker on a .key file, there are multiple workarounds for character encoding issues, but they should be evaluated on a case-by-case basis and that is outside the scope of this article. I encourage you to keep doing your research or to contact me.