Make the passphrase generator use shorter words

To my knowledge, there are ~7777 words in the wordlist used to generate passphrases.

My request is the words in this list be made shorter. The passphrases themselves will lose no security potency (each word adding log(7777) bits of entropy), but the number of characters in the passphrases can be significantly cut down, while still keeping them recognizable/human parsable.

The reason to cut down on the number of characters is because, stupid as it is, some apps limit the number of characters one can have in a password. As a significant example, Nintendo limits pass characters to 20, which lots of the 3-word passphrases surpass easily. (the biggest public transport site in Australia) also limits passwords similarly, so that the standard 3-words are largely inadmissible.

It would be easy to get 7777 such short words. For example contains a bunch, words like “bird” and “code”.

I use the passphrases as much as I can, but it could also be helpful if it would be possible to generate a passphrase with a maximum number of characters.


But why? The only reason you would do that is if you want to memorize those passphrases. There is nothing wrong with that, but judging by your comment, you do that everywhere and I have doubts you remember them all (correct me if I’m wrong). Why not just use a 15-20 char random password? Both more secure and less pain in the a**.

Why don’t you shorten them yourself?




It can all be done in the extension when creating a new account. Just delete a few characters at random. This would be more secure than using the whole words because you’re destroying information and making it harder to crack.

Simply because I can’t use Bitwarden everywhere. So sometimes I need to type it over. Besides, some random password is not more secure than a password phrase of the same length.

Why not make the phrase generator have the same options as the normal generator?

If you take out a few characters at random, would that not defy the purpose of a passphrase? Even so, I don’t think it would not be harder to crack.

A meaningful addition would be to see how long the password is. I could just generate it again and again until I get a 20-char password. The least I get is three words, but the words are too long to make a random enough password of 20 characters.

If you have to type it over, it’s indeed easier with passphrases.

Sorry, but you couldn’t be further from the truth. The strongest type of password is randomly generated, because there are no patterns in it, it’s just random characters. The only way to break it is with a brute-force attack. An 11-12 char password is safe against any hacker. 15 char is safe against all the computers on earth at once. (applies only to randomly generated passwords)

A passphrase with a length of 12 basically means no more than 2 words. With the right program and with my computer, I can break it in minutes using a dictionary attack. Of course, this is assuming I knew beforehand that you were using a passphrase system.

What @dangostylver said is actually true. By deleting characters (to a certain point), the passphrase “Dlte-Caon8-Helg” no longer contains real words and becomes harder to crack.

Everything there is to know about passphrases, search “diceware” in google.

Sorry but I disagree. It depends on the system how the password is generated.

And you’re assuming I use the English language. It would take your computer longer if I was using French words. But 3 short words would be more secure than 2 longer words.

pig|minus|teach or 4veVnhzpbz4iEhi: there is not much difference in password strength. The second will be slightly better but both are secure enough. Maybe you could let your computer calculate the difference.

Way I see it, googling Diceware, just proves the point @chausies is making.



This would actually be a useful change. However, it makes sense that Bitwarden hasn’t customized the word list. Bitwarden uses EFF’s “long” word list, described here:

I suggest also reading the “deep dive” which goes into detail on the methodology used in choosing words for the list:

The EFF diceware wordlists are based on Arnold Reinhold’s 1995 diceware wordlist, with a particular goal of greater memorability. As mentioned by EFF’s Joseph Bonneau, “Several word lists have been published for different purposes; thus far, there has been little scientific evaluation of their usability.” There are many linguistic and technical factors to consider in producing such a list. And multiple languages.

EFF’s list ended up with longer words than the one it was based on. They even outright removed words under three characters. Notably, when EFF produced their “short list #1”, they did so by removing long words first and the result has words only up to five letters long. Of course, it’s a shorter list, 1296 words vs 7776 words, with a resulting 10.3 bits vs 12.9 bits of entropy per word. But ironically, because the words are shorter on average, “short list #1” passwords have a higher entropy per character (2.3 bits) than the EFF long list (1.8 bits). (The “short list #2” is worse on entropy in both categories, 10.3 bits per word/1.4 bits per character.)

However, a higher entropy per character is only useful if you generate your passphrases to fill a character limit. Typical use is to generate a number of words. Not worrying about character limits allows the benefit of longer word lists containing a wide variety of short and long words.

You’ve seen these tables right?

You need to keep in mind that “strength per word” is a function of the length of the word list, and not only that, but to compare them with random-characters you then need to translate “strength per word” into “strength per character”. The Wikipedia tables do not make that comparison, and in fact they can not unless they cite a specific diceware word list (they don’t).

But EFF provided a number we can use to compare. Their strongest word list per character is 2.3 bits per character. Compare that with the Wikipedia table. For convenience, here are examples:

| character source | entropy, bits per character |
| --- | --- |
| EFF short #1 list | 2.3 |
| Reinhold’s 1995 list | 3.0 |
| numeric (eg PIN) | 3.3 |
| case insensitive latin | 4.7 |
| case sensitive alphanum | 5.9 |
| ASCII printable | 6.5 |

We can calculate it easily by hand using the entropy values in the Wikipedia tables above. You have three words, which I’ll assume is from a typical 7776 word long, widely-known (we’re talking implementation in an open source app after all) wordlist. At about 13 bits of entropy per word, that gets you about 39 bits. I’ll call your choice of separator random, which wins you one random character worth of entropy, or (generously) up to 8 bits. So “pig|minus|teach” has maybe 47 bits of entropy. “4veVnhzpbz4iEhi” I’ll conservatively regard as strictly case-sensitive alphanumeric. With 15 characters, it has about 90 bits of entropy, almost twice the entropy. The random character password is much stronger, even with its limited character set!

Anyway, ultimately, the EFF lists were meant to allow random generation of passwords literally by hand. Thus “dice-ware”. That’s why there are specifically 7776 words in the list (6^5). Passphrase generator lists can be much longer, and thus provide greater entropy.

The solution may be to provide a selection of word lists, in various languages, and to allow selecting from multiple (merge sans duplicates) suitably-published wordlists.


This statement is where the inaccuracy lies. You say “of the same length”, but what do you mean by this? One would assume that you mean “of the same number of characters”, but if you do mean that, then your remark is untrue, by virtue of how dictionary attacks work; if the adversary knows you are drawing words from a particular wordlist, they need only try combinations of words in that list, and not all possible combinations of individual characters.

The system in question was stated: use the set of all possible characters. Assuming printable ASCII characters only, the statements made by @Nik1 are basically true. There are 95 printable ASCII characters, so that if you want at least 128 bits of entropy (which is considered impenetrable), you need only choose a 20-character string using that set of characters. In order to crack a password with 128 bits of entropy within the current age of the universe (14 billion years), an adversary needs to attempt 8×10^20 passwords per second.

10 characters will suffice in most commonplace applications, since this provides over 64 bits of entropy. If we assume that an adversary can attempt 1,000,000,000 passwords per second, then it takes them ~270 years on average to crack such a password.

Even if we restrict ourselves to the 62 alphanumeric characters, then 128 bits of entropy still only requires 22 characters, so there is no real need to use the larger set of all printable ASCII characters.

By comparison, the 2nd edition of the OED contains ~170,000 English words. To get 128 bits of entropy using that wordlist, we need a passphrase of at least 8 words — 7 words gives us 121.6 bits of entropy, though, which certainly suffices. The average length of an English word is around 5 characters, though, so such a passphrase, with spaces between words, will likely be around 41 characters. Not bad, and passphrases are definitely nice because they’re more memorable, but in order to compensate, they undoubtedly need to be longer in terms of the number of characters; around double as long, from these calculations.

I think there should be a max length on the character count of the passphrase generator. I don’t think words should be removed from the list, though. The max length would filter it down for us.

Didn’t check but last time I saw the word list it looked similar to BIP-0039. I’d rather roll with whatever default was chosen so far and vote for the request to make the list selectable by the user.

I have been using passphrases for sites that I know I’m going to have to type the password out because there is no auto-fill option (typically on smart devices with remotes). I find that passphrases circulate from long words to short words each time “generate” is pressed. A passphrase like No-Entry0-Zero isn’t hard to type. Circumvent-3Blossom-Existentialism-7Resemblance is pretty hard and time-consuming to constantly have to type in.

I found xkcdpass to be excellent for generating friendly passphrases. It is based on the same word list, I think, but it can tell you exactly how much weaker your passphrase becomes if you only use 6-letter words. You can see its many options in the GitHub README.

Example with 5 words, at most 6 letters each:

$  xkcdpass -V -n 5 --max 6 -i
With the current options, your word list contains 2300 words.
A 5 word password from this list will have roughly 55 (11.17 * 5) bits of entropy,
assuming truly random word selection.

Enter number of words (default 5): 
Generated: deuce barrel apply ritzy scoop
Accept? [yN] n
Generated: crept duffel waffle hedge swoosh
Accept? [yN] n
Generated: safari disarm macaw kudos kindly
Accept? [yN] n
Generated: puzzle amaze mummy defog trowel
Accept? [yN] n
Generated: backer pummel parlor cement revert
Accept? [yN] y
backer pummel parlor cement revert

I would love it if the same algorithm was integrated into Bitwarden.

It’s probably useful to add that without the 6-letter-word restriction, you get 7227 words and 64 bits of entropy for 5 words. That is ~500 times stronger. I think 55 bits is quite a few, though – if I count correctly, it’s similar in strength to a random alphanumeric password of length ~10 (11 for 32-character alphabet), as opposed to a length of ~12 to get 64 bits. (With case and a little punctuation, you would have a 64-character alphabet, and the difference between length 8 and length 10).

Wikipedia links to a section of RFC 4086 for the question of how many bits is enough, which inspired the above paragraph, is more correct, and very nice to read. Though, I’m left with the realization that if I don’t really know what I’m defending against, it’s hard to know what’s good enough.
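
Both length-limit ideas raised in this thread (regenerating until a phrase fits, and a maximum-length option in the generator) shrink the set of possible passphrases, so the entropy is log2 of the number of phrases that fit, not words × bits-per-word. The sketch below is an added example, not part of any post and not Bitwarden's or xkcdpass's code; the wordlist is a constructed sample and the function names are hypothetical.

```python
import math
import secrets
from collections import Counter

# Constructed sample list for illustration; not the EFF list Bitwarden uses.
WORDS = ["pig", "minus", "teach", "bird", "code", "safari", "barrel", "kindly",
         "blossom", "circumvent", "resemblance", "existentialism"]

def fitting_count(words, n_words, max_chars, sep_len=1):
    """Count ordered n-word passphrases whose length, separators included,
    is at most max_chars. Dynamic programming over word lengths, so it
    scales to a 7776-word list without enumerating every combination."""
    budget = max_chars - sep_len * (n_words - 1)  # characters left for letters
    if budget < 0:
        return 0
    per_length = Counter(len(w) for w in words)   # assumes no duplicate words
    ways = [1] + [0] * budget  # ways[c]: partial phrases using exactly c letters
    for _ in range(n_words):
        nxt = [0] * (budget + 1)
        for used, count in enumerate(ways):
            if count:
                for wlen, n in per_length.items():
                    if used + wlen <= budget:
                        nxt[used + wlen] += count * n
        ways = nxt
    return sum(ways)

def entropy_bits(words, n_words, max_chars, sep_len=1):
    """Entropy of a uniform draw from the passphrases that fit the limit."""
    count = fitting_count(words, n_words, max_chars, sep_len)
    return math.log2(count) if count else 0.0

def generate(words, n_words, max_chars, sep="-"):
    """Draw with a CSPRNG and retry until the phrase fits, which is a
    uniform choice over exactly the set fitting_count() counts."""
    if fitting_count(words, n_words, max_chars, len(sep)) == 0:
        raise ValueError("no passphrase fits within max_chars")
    while True:
        phrase = sep.join(secrets.choice(words) for _ in range(n_words))
        if len(phrase) <= max_chars:
            return phrase

if __name__ == "__main__":
    print(generate(WORDS, 3, 20), f"{entropy_bits(WORDS, 3, 20):.2f} bits")
```

Run against a real wordlist, `entropy_bits` gives the figure a generator with a character limit should display instead of the unconstrained per-word estimate.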

Another reason is that it’s easier to share verbally with someone else. I can say the words instead of each individual letter/number/symbol. And while Bitwarden and other password apps allow for sharing, there are tons of instances where you need to share verbally: the other person doesn’t use the app, you’re having issues with a stressed out person who claims to not know how to use the interwebs, etc.


I need this feature too.

Samsung and many other websites force me to have passphrases, but with capitals and numbers and a limit of 15 chars, which could not be used.