To my knowledge, there are ~7777 words in the wordlist used to generate passphrases.
My request is that the words in this list be made shorter. The passphrases themselves will lose no security potency (each word adding log(7777) bits of entropy), but the number of characters in the passphrases can be significantly cut down, while still keeping them recognizable/human parsable.
The reason to cut down on the number of characters is because, stupid as it is, some apps limit the number of characters one can have in a password. As a significant example, Nintendo limits pass characters to 20, which lots of the 3-word passphrases surpass easily. mymyki.com.au (the biggest public transport site in Australia) also limits passwords similarly, so that the standard 3 words are largely inadmissible.
It would be easy to get 7777 such short words. For example, 4-letter words contain a bunch, words like "bird" and "code".
I use the passphrases as much as I can, but it could also be helpful if it would be possible to generate a passphrase with a maximum number of characters.
But why? The only reason you would do that is if you want to memorize those passphrases. There is nothing wrong with that, but judging by your comment, you do that everywhere and I have doubts you remember them all (correct me if I'm wrong). Why not just use a 15-20 char random password? Both more secure and less pain in the a**.
It can all be done in the extension when creating a new account. Just delete a few characters at random. This would be more secure than using the whole words because you're destroying information and making it harder to crack.
Simply because I can't use Bitwarden everywhere. So sometimes I need to type it over. Besides, some random password is not more secure than a password phrase of the same length.
Why not make the phrase generator have the same options as the normal generator?
If you take out a few characters at random, would that not defeat the purpose of a passphrase? Even so, I don't think it would not be harder to crack.
A meaningful addition would be to see how long the password is. I could just generate it again and again until I get a 20-char password. The least I get is three words, but the words are too long to make a random enough password of 20 characters.
If you have to type it over, it's indeed easier with passphrases.
Sorry, but you couldn't be further from the truth. The strongest type of password is randomly generated, because there are no patterns in it, it's just random characters. The only way to break it is with a brute-force attack. An 11-12 char password is safe against any hacker. 15 chars is safe against all the computers on earth at once. (Applies only to randomly generated passwords.)
A passphrase with a length of 12 basically means no more than 2 words. With the right program and with my computer, I can break it in minutes using a dictionary attack. Of course, this is assuming I knew beforehand that you were using a passphrase system.
What @dangostylver said is actually true. By deleting characters (to a certain point), the passphrase "Dlte-Caon8-Helg" no longer contains real words and becomes harder to crack.
Everything there is to know about passphrases: search "diceware" on Google.
Sorry but I disagree. It depends on the system how the password is generated.
And you're assuming I use the English language. It would take your computer longer if I was using French words. But 3 short words would be more secure than 2 longer words.
pig|minus|teach or 4veVnhzpbz4iEhi, there is not much difference in password strength. The second will be slightly better, but both are secure enough. Maybe you could let your computer calculate the difference.
Way I see it, googling Diceware, just proves the point @chausies is making.
This would actually be a useful change. However, it makes sense that Bitwarden hasn't customized the word list. Bitwarden uses EFF's "long" word list, described here:
I suggest also reading the "deep dive" which goes into detail on the methodology used in choosing words for the list:
The EFF diceware wordlists are based on Arnold Reinhold's 1995 diceware wordlist, with a particular goal of greater memorability. As mentioned by EFF's Joseph Bonneau, "Several word lists have been published for different purposes; thus far, there has been little scientific evaluation of their usability." There are many linguistic and technical factors to consider in producing such a list. And multiple languages.
EFF's list ended up with longer words than the one it was based on. They even outright removed words under three characters. Notably, when EFF produced their "short list #1", they did so by removing long words first, and the result has words only up to five letters long. Of course, it's a shorter list, 1296 words vs 7776 words, with a resulting 10.3 bits vs 12.9 bits of entropy per word. But ironically, because the words are shorter on average, "short list #1" passwords have a higher entropy per character (2.3 bits) than the EFF long list (1.8 bits). (The "short list #2" is worse on entropy in both categories, 10.3 bits per word / 1.4 bits per character.)
However, a higher entropy per character is only useful if you generate your passphrases to fill a character limit. Typical use is to generate a number of words. Not worrying about character limits allows the benefit of longer word lists containing a wide variety of short and long words.
You've seen these tables, right?
You need to keep in mind that "strength per word" is a function of the length of the word list, and not only that, but to compare them with random characters you then need to translate "strength per word" into "strength per character". The Wikipedia tables do not make that comparison, and in fact they cannot unless they cite a specific diceware word list (they don't).
But EFF provided a number we can use to compare. Their strongest word list per character is 2.3 bits per character. Compare that with the Wikipedia table. For convenience, here are examples:
character source          | entropy, bits per character
--------------------------|----------------------------
EFF short #1 list         | 2.3
Reinhold's 1995 list      | 3.0
numeric (eg PIN)          | 3.3
case insensitive latin    | 4.7
case sensitive alphanum   | 5.9
ASCII printable           | 6.5
We can calculate it easily by hand using the entropy values in the Wikipedia tables above. You have three words, which I'll assume is from a typical 7776-word-long, widely-known (we're talking implementation in an open source app after all) wordlist. At about 13 bits of entropy per word, that gets you about 39 bits. I'll call your choice of separator random, which wins you one random character worth of entropy, or (generously) up to 8 bits. So "pig|minus|teach" has maybe 47 bits of entropy. "4veVnhzpbz4iEhi" I'll conservatively regard as strictly case-sensitive alphanumeric. With 15 characters, it has about 90 bits of entropy, almost twice the entropy. The random character password is much stronger, even with its limited character set!
Anyway, ultimately, the EFF lists were meant to allow random generation of passwords literally by hand. Thus "dice-ware". That's why there are specifically 7776 words in the list (6^5). Passphrase generator lists can be much longer, and thus provide greater entropy.
The solution may be to provide a selection of word lists, in various languages, and allow selecting from multiple (merged sans duplicates) suitably-published wordlists.
This statement is where the inaccuracy lies. You say "of the same length", but what do you mean by this? One would assume that you mean "of the same number of characters", but if you do mean that, then your remark is untrue, by virtue of how dictionary attacks work; if the adversary knows you are drawing words from a particular wordlist, they need only try combinations of words in that list, and not all possible combinations of individual characters.
The system in question was stated: use the set of all possible characters. Assuming printable ASCII characters only, the statements made by @Nik1 are basically true. There are 95 printable ASCII characters, so if you want at least 128 bits of entropy (which is considered impenetrable), you need only choose a 20-character string using that set of characters. In order to crack a password with 128 bits of entropy within the current age of the universe (14 billion years), an adversary needs to attempt 8×10^20 passwords per second.
10 characters will suffice in most commonplace applications, since this provides over 64 bits of entropy. If we assume that an adversary can attempt 1,000,000,000 passwords per second, then it takes them ~270 years on average to crack such a password.
Even if we restrict ourselves to the 62 alphanumeric characters, then 128 bits of entropy still only requires 22 characters, so there is no real need to use the larger set of all printable ASCII characters.
By comparison, the 2nd edition of the OED contains ~170,000 English words. To get 128 bits of entropy using that wordlist, we need a passphrase of at least 8 words; 7 words gives us 121.6 bits of entropy, though, which certainly suffices. The average length of an English word is around 5 characters, though, so such a passphrase, with spaces between words, will likely be around 41 characters. Not bad, and passphrases are definitely nice because they're more memorable, but in order to compensate, they undoubtedly need to be longer in terms of the number of characters; around twice as long, from these calculations.
I think there should be a max length on the character count of the passphrase generator. I don't think words should be removed from the list, though. The max length would filter it down for us.
Didn't check, but last time I saw the word list it looked similar to BIP-0039. I'd rather roll with whatever default was chosen so far and vote for the request to make the list selectable by the user.
I have been using passphrases for sites that I know I'm going to have to type the password out because there is no auto-fill option (typically on smart devices with remotes). I find that passphrases circulate from long words to short words each time "generate" is pressed. A passphrase like No-Entry0-Zero isn't hard to type. Circumvent-3Blossom-Existentialism-7Resemblance is pretty hard and time consuming if I constantly have to type it in.
I found xkcdpass to be excellent for generating friendly passphrases. It is based on the same word list, I think, but it can tell you exactly how much weaker your passphrase becomes if you only use 6-letter words. You can see its many options in the GitHub README.
Example with 5 words, at most 6 letters each:
$ xkcdpass -V -n 5 --max 6 -i
With the current options, your word list contains 2300 words.
A 5 word password from this list will have roughly 55 (11.17 * 5) bits of entropy,
assuming truly random word selection.
Enter number of words (default 5):
Generated: deuce barrel apply ritzy scoop
Accept? [yN] n
Generated: crept duffel waffle hedge swoosh
Accept? [yN] n
Generated: safari disarm macaw kudos kindly
Accept? [yN] n
Generated: puzzle amaze mummy defog trowel
Accept? [yN] n
Generated: backer pummel parlor cement revert
Accept? [yN] y
backer pummel parlor cement revert
I would love it if the same algorithm was integrated into BitWarden.
It's probably useful to add that without the 6-letter-word restriction, you get 7227 words and 64 bits of entropy for 5 words. That is ~500 times stronger. I think 55 bits is quite a few, though; if I count correctly, it's similar in strength to a random alphanumeric password of length ~10 (11 for a 32-character alphabet), as opposed to a length of ~12 to get 64 bits. (With case and a little punctuation, you would have a 64-character alphabet, and the difference between length 8 and length 10.)
Wikipedia links to a section of RFC 4086 for the question of how many bits is enough, which inspired the above paragraph, is more correct, and very nice to read. Though I'm left with the realization that if I don't really know what I'm defending against, it's hard to know what's good enough.
Another reason is that it's easier to share verbally with someone else. I can say the words instead of each individual letter/number/symbol. And while Bitwarden and other password apps allow for sharing, there are tons of instances where you need to share verbally: the other person doesn't use the app, you're having issues with a stressed out person who claims to not know how to use the interwebs, etc.
This is similar to Choose the word list for passphrases, but I wanted to put an emphasis on security. That request is for supporting custom dictionaries. This request is for a larger default dictionary.
Using Diceware is convenient because it's already groomed for use in passphrases (uniqueness, memorability, etc.), but that dictionary is unnecessarily limited since it's optimized for dice. 6⁵ is 7,776 words while a spelling dictionary has 100,000 words, so Diceware would need a list requiring seven rolls to match a spelling dictionary. A six-word Diceware passphrase has an entropy of log₂(7776⁶) = 77.5 while a five-word passphrase generated from SCOWL aspell's standard american-dictionary (104,334 words, 258kB gzipped) has an entropy of log₂(104334⁵) = 83.4.
Feature name
Use a larger default word list
Feature function
What will this feature do differently?
Big entropy improvement for all generated passphrases
What benefits will this feature bring?
Generated passphrases will be significantly harder to attack
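The entropy arithmetic used throughout this thread (3 Diceware words vs. 15 alphanumerics, 7 OED words vs. 20 printable-ASCII characters, 6 Diceware words vs. 5 SCOWL words) and the max-word-length filter that xkcdpass applies, put into one runnable script. This is an added example, not code from Bitwarden, xkcdpass or any poster; the wordlist inside it is a constructed sample, not the EFF list.

```python
import math
import secrets

# Constructed sample wordlist (NOT the EFF list); real lists have thousands of entries.
SAMPLE_WORDS = [
    "bird", "code", "pig", "minus", "teach", "hedge", "macaw", "kudos",
    "barrel", "puzzle", "blossom", "circumvent", "existentialism", "resemblance",
]

def entropy_bits(pool_size: int, count: int) -> float:
    """Bits of entropy in `count` independent uniform draws from a pool of `pool_size`."""
    return count * math.log2(pool_size)

def words_needed(pool_size: int, target_bits: float) -> int:
    """Smallest number of draws from the pool that reaches target_bits."""
    return math.ceil(target_bits / math.log2(pool_size))

def filter_by_length(words, max_len: int) -> list:
    """Keep only words of at most max_len letters (what xkcdpass --max does), deduplicated."""
    return sorted({w for w in words if len(w) <= max_len})

def bits_per_char(words, n_words: int, sep_len: int = 1) -> float:
    """Average entropy per typed character for n_words words joined by a separator."""
    avg_len = sum(len(w) for w in words) / len(words)
    typed_chars = n_words * avg_len + (n_words - 1) * sep_len
    return entropy_bits(len(words), n_words) / typed_chars

def years_to_exhaust(bits: float, guesses_per_second: float) -> float:
    """Years to try every candidate at the given rate (expected time to hit is half this)."""
    return 2 ** bits / guesses_per_second / (365.25 * 86400)

def passphrase(words, n_words: int, sep: str = "-") -> str:
    """Draw words with the CSPRNG-backed secrets module (never random.choice)."""
    return sep.join(secrets.choice(words) for _ in range(n_words))

if __name__ == "__main__":
    print(f"3 words from 7776      : {entropy_bits(7776, 3):.1f} bits")
    print(f"15 x [A-Za-z0-9]       : {entropy_bits(62, 15):.1f} bits")
    print(f"6 Diceware words       : {entropy_bits(7776, 6):.1f} bits")
    print(f"5 SCOWL words          : {entropy_bits(104334, 5):.1f} bits")
    print(f"128 bits from 95 chars : {words_needed(95, 128)} characters")
    print(f"128 bits from OED      : {words_needed(170000, 128)} words")
    print(f"64 bits at 1e9 guess/s : {years_to_exhaust(64, 1e9):.0f} years to exhaust")
    short = filter_by_length(SAMPLE_WORDS, 6)
    print(f"<=6 letters: {len(short)} of {len(SAMPLE_WORDS)} words; "
          f"{bits_per_char(short, 5):.2f} vs {bits_per_char(SAMPLE_WORDS, 5):.2f} bits/char")
    print("example:", passphrase(short, 5))
```

Filtering the list first keeps the per-word entropy honest (log2 of the filtered list size); regenerating until a passphrase fits a character limit, as suggested earlier in the thread, also shrinks the effective pool but in a way that is harder to account for.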
Which languages do you want to be supported? All, including artificial languages like Esperanto and/or Klingon? A "negative" word in one language could be a "not-negative" word in another.
On a side note: "Unheilig" (German for "Unholy") was a band that was very successful even in the mainstream media (*1). Perhaps see and listen for yourself (*2).