Requesting feedback on master password approach

thanks for the info
Here is what I do, and would love any comments.
I filled a page (word doc) with random characters.
Must be over 1000, I then know a portion of this by a start and stop point (charater).
I copy this into the MP field. If this page was found no one but me know the starting and stopping point.
Is the password 10 or 20 or 30 characters long. But there is another step,
after copying it into the MP field I type another number of characters easy to remember and known only by me not written anywhere on that page.
I run everything in a sandbox and use KeyScrambler to scramble the typed additions.
I recognize this works best on computer, I don’t use on mobile. I also use CLIP TTL that clears my clipboard after 20 seconds.

Just FYI, if your word doc falls into the hands of an attacker, then your effective master password entropy is around 20 bits plus the entropy of your manually typed character string (6.6 bits per character, if these are randomly selected from the set of 95 printable ASCII characters).

Put another way, if an attacker gets hold of your word doc (and knows what it’s for), then the difficulty of finding your copy-pasted string is equivalent to the difficulty of guessing a 3-character password.

If discussion of this question ensues, I will move this discussion to a separate thread, as it is off-topic to the question asked in the OP. Update: I moved it.

Why would they be able to figure out what was copied and pasted?
I wondered about that but could not see how that would happen.
My string is chosen from over 1200 random characters and then an unknown number of added
characters entered on the MP box. I would have thought the entropy was very high
p.s I am sure you have a better understanding of this then I do, that is why I asked.
I clear my clipboard immediately after pasting

A brute-force cracking attack works by making a large number of guesses (maybe a million guesses per second). An attacker who had access to your word document would just need to correctly guess the starting point and the end point of your string.

They would probably do their search in a random order, but for purposes of counting the number of guesses required to go through all possibilities, let’s assume that they start from the beginning, guessing that your starting point was the first character in your document; now they have to try 1200 possibilities for the final character (since the length of your secret string could be anywhere from 1 to 1200). If none of those options work, then they would go on to guessing that your string starts with the second character in your document; because the end of your string cannot be located before the start of the string, they now only have 1199 possible end locations to try out. If none of those strings are correct, then they would try using the third character in your document as the starting point, and they would have 1198 possible end locations to test. Hopefully, you see that working through the entire document in this way, the total number of guesses required to exhaust all possible strings would be

N = 1200 + 1199 + 1198 + 1197 + … + 3 + 2 + 1

This summation is an example of an arithmetic series, and its value can be shown to equal

N = 1200×1201/2 = 720,600

A sophisticated attacker could run through all of those possibilities in less than a second. Of course, they also have to guess the characters that you type in manually, but for each of those guesses, it would take less than one second to add the correct random string from your Word document. The number of guesses required to find your manually typed string equals

M = Sn

where n is the length of the manually typed password and S is the size of the character set that your manually typed password is made up of (e.g., S=26 if you are using lowercase letters only).

To find your master password, every guess of your manually typed password must be combined with every possible random string, so the total number of guesses is the product M×N. The entropy of your master password is the base-2 logarithm of this number: log2(M×N). Because the logarithm of a product equals the sum of the logarithms of the factors, the entropy of your password can be expressed as

E = n log2(S) + log2(N)

Since we know the value of N from above, we can determine that the amount of entropy added by the random string constructed from your Word document equals

log2(720,600) = 19.5 bits

As an example, if the manually typed part of your master password is a 5-character string of lowercase letters, then the entropy contributed by the manually typed characters would be

5×log2(26) = 23.5 bits

Thus, for this example, the total entropy of your master password would be

E = 23.5 bits + 19.5 bits = 53 bits

This corresponds to a total number of 9×1015 guesses required to exhaust all possibilities, although on average, an attacker would come across the correct combination in half of this number of guesses. Thus, on average, an attacker capable of testing a million guesses per second would require 143 years to crack your master password (if the manually added part is a random string of 5 lowercase letters).

If your manually typed string is something else, then the above analysis of cracking time is not valid. For example, if it is a dictionary word or if it is a 5-digit numerical PIN, then your entire master password can be cracked in about 10 hours.

1 Like

Hi @Dan_B1! Here is what many of us do related to vault security:

  1. We use Bitwarden to generate a 5 or more word Passphrase.
  2. We create an absurd sentence that uses the words from the generated Passphrase in the right order. This helps us memorize the Passphrase.
  3. We write down the Passphrase and store it in a secure location because we may think we will remember it perfectly, but our mind can play tricks on us.
  4. We set the Passphrase as the Master Password.
  5. We turn on some form of Bitwarden 2FA (Two-Factor Authentication). We save the 2FA Backup Code and store it in a secure location in case we can no longer use the 2FA that we turned on.
  6. We periodically backup our vault and store it in a secure location in case we can no longer get into Bitwarden.

All of these steps have sub-steps, but hopefully this gives you some useful feedback.

1 Like

Thanks for the very detailed explanation.
You stated that the hacker “knows” the total length i.e. the length of the additional characters.
I am not clear on how that would be possible. They cannot count the overall length, but since I believe you, do I understand that if I add 6 or 7 random characters that have both upper and lower case, numbers and symbols. I should be very safe.

Waiting for clarification on my procedure, I made random string of 20 characters that use every type mentioned above and put in BitWarden strength meter and it said it would take centuries.
The copy and paste + was a lot easier, but I don’t want to be foolish.
I am a new user having fled LastPass on Thursday, and this community has been great and I thank you in particular

This password mentioned will take some practice to memorize so I will look at passphrase also.
I am using YubiCo keys for 2FA. Are your backups in.csv or unencrypted .json?
I did backup in .json before I changed my MP, but even though unencrypted not sure how to view it

1 Like

I backup to both .csv and unencrypted .json. The .csv file is easier to read because you can load it into a spreadsheet. The .json file is better for importing into Bitwarden. You can use any text editor to look at it, but it is not all that easy to read. I encrypt both files and store them in a secure location.

There is also another way to backup which I just learned about from @grb which you can find out about here:

Good luck!

I oversimpified a little bit in my explanation above, but the bottom line is that they don’t have to know it. The approach is similar to what I described with getting the string from the Word document — they simply try all possibilities. For example, let’s say your added string is made from the 94 characters available on a US keyboard (excluding the space). They would first assume you only added one character, and try all 94 possibilities. If that doesn’t work, they try all 94×94 possible two-character passwords, then all 943 three-character passwords, and so on, until they are successful. Thus, if you are using a 6-character random string, the total number of guesses is

M = 94 + 942 + 943 + 944 + 945 + 946 = 697 billion

The formula I gave previously (which made it seem like the attacker had to know the number of characters) is really just an approximation:

M = Sn = 946 = 690 billion

You can see that the difference is just 1%, and will not meaningfully affect the time required to crack your password.

I want to clarify that my analysis of time time to crack your master password assumes that the attacker has access to your Word document, and to your encrypted vault. In effect, this means that the weaknesses I have pointed out are only relevant if an attacker gains access to your computer (through physical access, or remotely, through malware). In contrast, if an attacker steals your vault from Bitwarden’s servers (like the LastPass breach), then they will not have access to the Word file, and therefore would have to brute-force guess the full master password, character-by-character. For this type of attack, your original method is actually extremely secure (assuming that the total number of characters in the master password is quite large). In fact, your method is essentially equivalent to the much-vaunted “secret key” feature in 1Password.


A randomly generated passphrase is really the better way to go for a master password, as suggested by @RogerDodger above. You only need 5-7 words to create a sufficiently secure master password. If you prefer a string of random characters, then a length of 10-14 characters should be sufficient (assuming that you are using a random password generator that draws from the full set of 94 characters). The passphrase is generally easier to remember, and easier to type, but equally secure compared to the random character string.

If you go on the low end of the above recommendations (5 words or 10 characters), your master password entropy will be 65 bits. For the hypothetical attacker capable of testing a million password guesses per second, it would take over a million years to exhaustively search through all possibilities.

1 Like

Again thanks
I will probably go with the phrase or characters, but you got me thinking.
Would you consider this for academic purposes and run it thru you calculations
Same word doc raised to 2000 random, my password is lets say 30 characters but on
the word doc I have inserted a 1,2 , or perhaps 3 character string that is not part of the password
So now there is no combination of correct strings unless the hacker also starts eliminating parts of each.
When I go to enter it from the Word doc, I delete the incorrect characters, then copy and paste (Control V) TWICE into the field. Now the password is 60 characters long. I close the word doc without saving and the incorrect characters are back in.
From my limited understanding, the hacker likely never figure out what is the password and then unlikely to figure I would paste it in twice.

p.s. if your explanation was over simplified, then I don’t want to see the unsimplified version. I understand the conclusions but the math is beyond me

Dan, what is your threat model?
Personally I am concerned about hackers online, such as the Lazarus group based in North Korea. I think it’s quite conceivable that such hackers can get hold of the BW database and even something on your local HDD but they will not be able to access something totally offline e.g. written on paper in your draw. :+1:

Average i guess. Just a retired Fire Captain 71 yrs old