I’m able to write this blog post because I have just recovered my OS X login / keychain password half an hour ago. If you’re in a rush you can skip the story part and go to the guide.
I came back from a two week vacation and after 2.5 days, shortly before lunch, I couldn’t type my password anymore. I’ve been using this password for the last couple of years and entered it on average maybe 10 times per day. The visual or concrete representation I had long forgotten. I was only relying on my muscle memory and the rhythm when entering it. Now something was missing and with every failed attempt the stress level increased and I started training the wrong password.
After two days I decided to start from scratch. Clean install, reset all passwords (I still knew my email password), take care of online banking accounts, paypal, serial numbers and pass phrases for my ssh keys which were deployed on about 700 hosts (!!!) – all of which was stored in my Keychain on OS X. I still had an unencrypted backup from 6 months ago with the bulk of my old data. My online backup, which I was so proud about, was encrypted with the same forgotten password, which rendered it useless. My SSD was FileVault encrypted so the recent data was completely lost.
In parallel I started a text file and every now and then tried to tap my muscle memory for the correct password to avoid repeating the wrong one and also to see which parts of the password were the same each time.
From that I knew that the password was between 17 and 19 characters long. I was pretty confident about the first 11 and the last 2 characters which left me with 6 unknown. Luckily I could also limit the set of characters that could have appeared in that position and with healthy brute forcing effort I finally have my password back. I forgot about 2 characters.
Recovering a Forgotten Password
Step 1: Write down everything you still remember about your password
Which phrase, word or thing it was based on. Estimate how long it was. Make a couple of muscle memory attempts in a text file and try to find parts you think are correct. Try to identify the parts were you feel something is off. Were any characters doubled as in ‘aa’ or ‘pp’ or were all characters in the password unique? Did you use lower case, upper case, numbers and symbols?
Step 2: Create a Charset
Make a list of characters which were part of the password and add those characters which you would use for passwords in general. Exclude the once which you are certain that you wouldn’t use them. Put the characters in which you are unsure about. Keep that list as short as possible. Sort that character list: lowercase letters, uppercase letters, numbers, symbols
Step 3: Create a Word List
Generate permutations of your password. To do this you can download one of many tools. The one I have used is called crunch and this is how I have used it:
./crunch 19 19 -f ./charset.txt hukl \
-o ./wordlist_18.txt -d 1@ -d 1, -d 1% -d 1^ \
This is telling crunch to create password permutations which are 19 characters long, using my custom list of characters, with no duplications of lowercase letters (@), uppercase letters (,), numbers (%) and symbols (^). I also provided a pattern with all the parts of the password which I felt quite confident about and used the @ symbol at the positions I wasn’t sure. The @ symbol in the pattern is replaced with characters from the provided list of characters. Even though I knew 13 of 19 characters and I limited the character set, the resulting wordlist was still 8GB large. It grows quickly the less certain you are.
Step 4: Acquiring the Hash
Passwords are usually not stored in plain text. Otherwise the recovery process would be quite simple. In most cases they will be stored using a cryptographic hash algorithm which only allows encryption but not decryption. When trying to bruteforce a password you need to know which algorithm was used and then use the same algorithm for your variations of the password. The process is successful if the same hash is found. Now in my case I wanted to unlock the OS X login keychain to get access to my passwords, serial numbers etc. To do that I needed to extract the password hash from the file. Luckily, JohnTheRipper, the tool which I used for the bruteforcing, came with a keychain2john converter tool.
Many other files can be handled directly. Google what you need to do for your use case. I’d guess that many other people had the same problem as you.
Step 5: Brute Force Time
The most popular tools are JohnTheRipper and hashcat. Look them up and read what they can and can’t do. Read the documentation to find which options suit your scenario. Mine looked looked like this:
./john --wordlist=wordlist_19.txt ~/keychain/converted_keychain
There are many more options available but my work was mostly in crafting the wordlist so JohnTheRipper was just needed to efficiently go through it. There is an option to use multiple process forks but my wordlist was to large for that option so I let it run on just one core at about 10k passwords per second. If that would have failed I would have used hashcat on a machine with plenty of GPU power but luckily I didn’t have to go that far.
After 6 hours, half way through the wordlist, my password was found. My muscle memory forgot about 2 characters!
List Of Tools
- Have a recovery strategy for your login password / your password manager master password
- The shorter you can make the wordlist the better. If you know something about the order try using this to compile a shorter list. A colleague of mine wrote a quick and dirty program in Go to do that. Basically for each position in the password you can provide a list of characters that are likely to appear there. This way you can define an order and a character set and keep the wordlist short.
- Print out those recovery keys
- Have a local unencrypted backup if your individual paranoia level allows it