PBKDF2 variant

Ethereum Keystore PBKDF2 — Hashcat Mode 15600

TL;DR — Ethereum keystore files (web3 JSON format) come in two variants: PBKDF2-SHA256 (mode 15600) and scrypt (mode 15500). The PBKDF2 variant uses 262,144 default iterations and is faster to attempt per password than scrypt. Recovery feasibility depends on password complexity.

Web3 keystore format

The standard Ethereum web3 keystore is a JSON file containing the encrypted private key. The 'kdf' field specifies which KDF was used: 'pbkdf2' or 'scrypt'.

PBKDF2 keystores (mode 15600) use HMAC-SHA256 with c=262144 typical iterations. The cipher is AES-128-CTR.

Older geth and Mist clients defaulted to PBKDF2. Newer clients (since geth 1.6) default to scrypt for stronger memory-hardness.

Recovery characteristics

262,144 SHA-256 iterations is moderately expensive on GPUs but tractable for typical password searches. Throughput is slower than WPA's 4096 iterations but vastly faster than scrypt.

Strong random passwords (12+ chars from full set) are typically not recoverable. Personal passwords often are.

Frequently Asked Questions

How do I tell PBKDF2 from scrypt keystore?

Open the JSON file. The 'kdf' field is either 'pbkdf2' (mode 15600) or 'scrypt' (mode 15500). Trivial to check.

Can I import the recovered key?

Yes — into MetaMask, MyEtherWallet, hardware wallets, geth. The recovered private key is the same regardless of original keystore format.

Related references

m15500Memory-hard scrypt m26600Browser-extension vault

Have a wallet to recover?

Start with a free analysis. Encryption format is detected, free check runs first. Pay only if recovery succeeds.

Run a free wallet analysis