How do you memorize a long machine generated password?

The same way you would eat an elephant. In small pieces.
I was using LastPass up until about a year ago when I migrated to BitWarden. My LastPass account is still active though unused. I’m not too concerned because I used a strong 17-char machine generated password. More on that in a minute.

In the wake of the LastPass hack I have noticed a lot of sites are now forcing 2FA. The reason is people use weak passwords for their master password, not understanding that this makes all of their passwords just as weak. And LastPass’s awful decision to store the related URLs in plain text.

The best passwords are machine generated. I’ve done the math and I came up with 23 chars as the magic length that is too expensive, if not impossible, to brute force. I have to qualify that “machine generated” because humans are awful at picking passwords. Personally I think 17 is long enough. Hackers will go after weaker or higher value targets before trying to crack a 17 char password.

So, how do you harden your current master password? Or how do you memorize a 17 or 23 char password? You do it in bite-size pieces. Take your current password and add 3 or 4 machine generated chars to the end of it. Use that password until it’s burned into your brain. Rinse and repeat until you get it long enough. It took me a few months. And of course do not use that password with any other site, in any other place that is accessible from the internet, including your home computer.

I suggest opting for a passphrase instead of a password. You can easily memorize 30+ characters by picking 5-7 unrelated words. Add a little salt between the words in the form of symbols to increase the strength. Much easier to remember and typically stronger than a shorter random string that can be memorized.

1 Like

Would be curious to see your math. Depending on the character set, a 23-character string would have an entropy between 108 bits (26 lowercase ASCII letters only) and 179 bits (218 printable extended-ASCII characters), or even up to 433 bits (if using all 467241 printable Unicode characters).

All of the above, even the 108-bit password that uses only lowercase letters, are probably overkill (unless the total value of assets protected by credentials stored in your vault is in the multi-million dollar range, or you are hiding from the NSA). For most individuals, a random string using 10-14 characters (drawn from the 95 printable ASCII characters) should be sufficient; this will yield 66-92 bits of entropy.

But for memorization purposes, a passphrase consisting of words that have been randomly selected (“machine generated”, as you say) from a word list will make for a master password that is both strong and memorable. Because the passphrase concept was initially developed on the basis of using dice as the entropy source for ensuring that the word selection was truly random, so-called diceware word lists typically contain 6^5 = 7776 words. Thus, most people can use a passphrase consisting of 5-7 randomly selected diceware words to get an entropy in the range 65-90 bits.

Because humans are able to hold 7 ± 2 words in short-term memory, it doesn’t take too much effort to memorize a strong passphrase. A simple method is to keep a piece of paper on which the master password is written, and then commit the phrase to short-term memory each time you have to type the master password. With sufficient repetition, the passphrase will become stored in long-term memory, allowing you to recall it without referring to the “cheat sheet”. In my experience, this takes a few days to a week, depending on how frequently you type the master password.

After additional repetition, the passphrase also becomes stored in “muscle memory”, so that one can type it without thinking.

1 Like
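The diceware scheme the reply above describes (five dice rolls select one of 6^5 = 7776 words, each word contributing about 12.9 bits) is easy to get wrong if the words are chosen by a person or by a non-cryptographic random number generator. The following is an added example, not code from the original thread or from Bitwarden: it generates a passphrase and a random-character password with Python’s `secrets` module (the OS CSPRNG), maps dice rolls to a list index the way a diceware lookup does, and computes the entropy figures quoted in the thread. `SAMPLE_WORDS` is a constructed eight-word list standing in for a real 7776-word diceware list; the function and constant names are my own.

```python
import math
import secrets

# Constructed, deliberately tiny word list used only so the example runs offline.
# A real diceware list (e.g. the EFF large list) has 6**5 = 7776 entries keyed by
# five dice rolls; the entropy per word then is log2(7776) ~= 12.92 bits, not 3.
SAMPLE_WORDS = ["anvil", "bishop", "cactus", "drizzle",
                "ember", "falcon", "gravel", "hammock"]

DICEWARE_LIST_SIZE = 6 ** 5     # 7776 words
PRINTABLE_ASCII = 95            # 0x20..0x7E, space included
KEYBOARD_NO_SPACE = 94          # a-z, A-Z, 0-9 and 32 symbols (the first poster's set)
SYMBOLS = "!@#$%^&*()-_=+[]{};:,.<>/?"   # assumed "salt" alphabet for between-word symbols


def entropy_bits(alphabet_size: int, picks: int) -> float:
    """Entropy of `picks` independent, uniform selections from `alphabet_size` options.

    This is the only honest way to score a "machine generated" secret: it counts the
    choices the generator could have made, not how random the result looks.
    """
    if alphabet_size < 2 or picks < 1:
        raise ValueError("need at least two choices and one pick")
    return picks * math.log2(alphabet_size)


def roll_dice(n: int = 5) -> str:
    """n CSPRNG dice rolls formatted like a diceware key, e.g. '36142'."""
    return "".join(str(secrets.randbelow(6) + 1) for _ in range(n))


def diceware_key_to_index(key: str) -> int:
    """Map a dice key (digits 1..6) to a 0-based list index: '11111' -> 0, '66666' -> 7775."""
    index = 0
    for digit in key:
        if digit not in "123456":
            raise ValueError(f"invalid die value {digit!r}")
        index = index * 6 + (int(digit) - 1)
    return index


def random_passphrase(words, n_words: int, salt: bool = False) -> str:
    """Pick n_words uniformly (with replacement) from `words` using the OS CSPRNG.

    With salt=True a random symbol is placed between words (the "salt" suggested in the
    thread); each such symbol adds log2(len(SYMBOLS)) bits only if it is itself random.
    """
    chosen = [secrets.choice(words) for _ in range(n_words)]
    if not salt:
        return " ".join(chosen)
    out = chosen[0]
    for word in chosen[1:]:
        out += secrets.choice(SYMBOLS) + word
    return out


def random_password(length: int, alphabet: str) -> str:
    """Uniform random string over `alphabet`; never use random.choice() for this."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


if __name__ == "__main__":
    ascii_alphabet = "".join(chr(c) for c in range(0x21, 0x7F))   # 94 chars, no space
    print("5 diceware words:", round(entropy_bits(DICEWARE_LIST_SIZE, 5), 1), "bits")
    print("23 chars from 94:", round(entropy_bits(KEYBOARD_NO_SPACE, 23), 1), "bits")
    print("12 chars from 95:", round(entropy_bits(PRINTABLE_ASCII, 12), 1), "bits")
    print("dice key", roll_dice(), "->", random_passphrase(SAMPLE_WORDS, 5, salt=True))
    print("password:", random_password(17, ascii_alphabet))
```

The entropy function reproduces the thread’s figures: five diceware words give about 64.6 bits, 23 characters from the 94-character keyboard set about 150.8 bits, and 10 to 14 printable-ASCII characters 65.7 to 91.9 bits. Note that the entropy of a passphrase built from the eight-word `SAMPLE_WORDS` list is only 3 bits per word; the list size, not the word length, is what matters.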

You’re right. A passphrase is an excellent idea. I use a passphrase plus some random chars mixed in.

I could be wrong, but 23 is the number where I couldn’t figure out a solution that would take less than the age of the universe (1.5E+10 years) to complete.

I used a-z, A-Z, 0-9 and 32 symbols on a US keyboard. That is 94 characters. 94^23 is 2.40e+45 possibilities. I excluded the space - silly me.
With a good video card you could do 600 million guesses per second; it would take 6.36e+28 years to try half of the possible combinations.

Using the fastest supercomputer on earth, Frontier, running at 1.102 EFLOPS, assuming one guess per flop, it would still take 4.03e+20 years.

A million Frontiers is still 4.03e+14 years, a billion is 4.03e+11 years. I can’t imagine having more compute power than a billion Crays.

Of course the unknown is how much compute power a bad actor possesses - probably less than a Cray supercomputer, but who knows.

None of this includes the lag time of running the decryption algorithm.

I arrived at 17 as good enough based on several things. Most people use 8 char passwords, which is where I would concentrate my compute power if I were a bad actor. Once you get past 12 chars the compute power + time needed to crack a password exceeds what it takes to find easier targets. 17 is a comfortable margin.

“stored in your vault is in the multi-million dollar range”

If you possess any of the keys to the multi-million dollar company you work for then…
But that’s all BS because almost everybody I know uses terrible passwords.
I know of a company that has set all of its employees’ passwords to 123456 - I am not kidding.

This is for a fast hashing algorithm. Bitwarden uses PBKDF2-HMAC-SHA256 for slow hashing, with a default of 100,000 KDF iterations. For such a hashing algorithm, the fastest hash rate I have seen is 40,000 guesses per second with a single GPU. You can slow this down further by increasing the number of iterations up to 2,000,000, which should reduce the hash rate to 1 kH/s per GPU. Thus, even a rig with 100 GPU cards could only make 100,000 guesses per second. At 65 bits of entropy (5 word passphrase), this would still take 9 million years to go through all possible variations, so an attacker would require 4.5 million years on average to crack a random 5-word passphrase.

1 Like

Someone posted in another thread a comparison of the benefit of increasing your KDF iterations with that of increasing the password length by a few characters, demonstrating that you can add far more strength with the latter approach. That said, if you are attacking an unknown password set at a few hundred thousand iterations, the immediate observation by a hacker that they are spending tremendous computational power to achieve far fewer guesses may send them to an easier target at the outset.

2 Likes
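The brute-force estimates in the thread (94^23 at 600 million guesses per second, a 5-word passphrase at 100,000 PBKDF2 guesses per second, and the iterations-versus-length comparison in the last reply) all come from the same small model: keyspace = 2^bits, time = guesses / rate, and PBKDF2 cost grows linearly with the iteration count. The block below is an added example, not code from the thread or from Bitwarden, that puts that model in a few functions, measures the real PBKDF2-HMAC-SHA256 cost on the local CPU with the standard library, and expresses an iteration increase in the same units (bits) as an extra password character. The `measure_pbkdf2_rate` timing is a constructed single-CPU measurement, not a GPU benchmark, and the password and salt passed to it are arbitrary constants.

```python
import hashlib
import math
import os
import time

SECONDS_PER_YEAR = 365.25 * 24 * 3600


def years_to_search(bits: float, guesses_per_second: float, fraction: float = 0.5) -> float:
    """Years needed to try `fraction` of a 2**bits keyspace at the given guess rate.

    fraction=0.5 is the expected cost of a successful brute force (half the space on
    average); fraction=1.0 is the worst case.
    """
    if guesses_per_second <= 0:
        raise ValueError("guess rate must be positive")
    return (2.0 ** bits) * fraction / guesses_per_second / SECONDS_PER_YEAR


def scaled_rate(rate_at_measured: float, measured_iters: int, target_iters: int) -> float:
    """PBKDF2 work is linear in the iteration count, so a measured rate scales inversely."""
    return rate_at_measured * measured_iters / target_iters


def bits_from_iterations(old_iters: int, new_iters: int) -> float:
    """Raising iterations by a factor k costs the attacker log2(k) extra bits of work."""
    return math.log2(new_iters / old_iters)


def bits_from_extra_chars(alphabet_size: int, extra_chars: int) -> float:
    """Each extra uniformly random character adds log2(alphabet_size) bits."""
    return extra_chars * math.log2(alphabet_size)


def measure_pbkdf2_rate(iterations: int = 100_000, samples: int = 3) -> float:
    """Guesses per second for PBKDF2-HMAC-SHA256 on this CPU (constructed local benchmark).

    A GPU cracker is far faster than this, but the ratio between iteration counts is
    the same on any hardware because the cost is linear in iterations.
    """
    salt = os.urandom(16)                       # arbitrary; only the work factor matters
    start = time.perf_counter()
    for _ in range(samples):
        hashlib.pbkdf2_hmac("sha256", b"correct horse battery", salt, iterations, dklen=32)
    return samples / (time.perf_counter() - start)


if __name__ == "__main__":
    # The first poster's scenario: 23 chars from 94, fast hash, one good GPU.
    bits_23 = 23 * math.log2(94)
    print(f"94^23 at 6e8/s, half the space: {years_to_search(bits_23, 6e8):.2e} years")

    # The PBKDF2 scenario: 5 diceware words, 100 GPUs at 1 kH/s each.
    bits_5w = 5 * math.log2(7776)
    print(f"5 words at 1e5/s, whole space: {years_to_search(bits_5w, 1e5, 1.0):.2e} years")

    # 40 kH/s at 100k iterations scaled to 2M iterations.
    print(f"scaled rate: {scaled_rate(40_000, 100_000, 2_000_000):.0f} H/s per GPU")

    # Iterations vs. length: 100k -> 2M is a 20x cost increase, i.e. log2(20) bits.
    print(f"20x iterations = {bits_from_iterations(100_000, 2_000_000):.2f} bits; "
          f"one extra printable-ASCII char = {bits_from_extra_chars(95, 1):.2f} bits")

    rate = measure_pbkdf2_rate()
    print(f"this CPU: {rate:.1f} PBKDF2-SHA256 guesses/s at 100k iterations")
```

Running the model gives 6.36e+28 years for half of 94^23 at 600 million guesses per second and about 9.0 million years for the full 5-word keyspace at 100,000 guesses per second, matching the two posts above. The comparison in the last reply falls out directly: going from 100,000 to 2,000,000 iterations is a 20x cost increase, worth log2(20) ≈ 4.3 bits, while a single extra character drawn from 95 printable ASCII characters is worth log2(95) ≈ 6.6 bits, so one added character beats a 20x increase in KDF work and costs the user nothing at login time.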