@djsmith85 Thank you for linking @gtran’s comment, which I had not seen.
However, I have to say that I’m still confused/disappointed by the explanation provided, which is most definitely not some new vulnerability:
In the Hacker1 report, a 3-word passphrase generated can seem secure due to overall password length but has low entropy
The fact that passphrase entropy is not to be determined from character count is an obvious and well-known fact, and it surprises me that this was treated as some novel revelation that requires urgent countermeasures. Passphrases will trade reduced entropy density (around 1.7 bits/character for an EFF passphrase instead of 3.0–6.1 bits/character for a random-string password) for the benefits of increased ease of memorization and typing.
I wish I knew that I could have collected some HackerOne bounty by reporting this obvious fact! Not sure why the above report wasn’t just dismissed as out-of-scope (“Missing security best practices that do not directly lead to a vulnerability”).
EFF’s recommendation of a 6-word minimum is a red herring as well, because this recommendation is only applicable to certain assumed circumstances. EFF is not some authority on cryptography, either, so I don’t know why Bitwarden is taking security advice from unsourced claims made in some EFF blog article.
As I’ve noted above, any efforts to increase word list size are not going to solve the stated problem. It is mathematically impossible to create a word list that makes the passphrase entropy equivalent to a random character string of equal length (equal number of characters). Therefore, the “vulnerability” that was reported to HackerOne will not be solved by increasing the word list size.
The only viable strategy is user education. One option would be to include a hint text that says: “This passphrase is only as strong as a 6-character random password” (for a 3-word passphrase, for example), where the equivalent character count is always double the specified number of passphrase words.
Perhaps I was not so far off the mark in my initial reaction to the generator modifications, after all… *Sigh*
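As an added worked example (not code from the original post or from Bitwarden), the following reproduces the entropy comparison the post makes. It assumes the EFF long word list size of 7776 words and an assumed average word length of 7 characters; the charset sizes are the usual 26 / 62 / 95.

```python
import math

# Assumed parameters (not taken from the post): the EFF long list has 7776
# words; an average word length of 7 characters is an assumption used only to
# derive an entropy-per-character figure.
EFF_LONG_LIST_WORDS = 7776
ASSUMED_AVG_WORD_LEN = 7

CHARSETS = {"lowercase": 26, "alphanumeric": 62, "printable_ascii": 95}


def passphrase_entropy_bits(num_words, list_size=EFF_LONG_LIST_WORDS):
    """Entropy of num_words words drawn uniformly at random from the list."""
    return num_words * math.log2(list_size)


def equivalent_random_chars(num_words, charset_size, list_size=EFF_LONG_LIST_WORDS):
    """Fewest random characters from charset whose entropy >= the passphrase's."""
    bits = passphrase_entropy_bits(num_words, list_size)
    return math.ceil(bits / math.log2(charset_size))


def words_needed_for(target_bits, list_size=EFF_LONG_LIST_WORDS):
    """Fewest words needed to reach target_bits of entropy from the list."""
    return math.ceil(target_bits / math.log2(list_size))


def bits_per_character(num_words, avg_word_len=ASSUMED_AVG_WORD_LEN,
                       separator_len=1, list_size=EFF_LONG_LIST_WORDS):
    """Entropy density: passphrase bits divided by its typed length (with separators)."""
    typed_len = num_words * avg_word_len + (num_words - 1) * separator_len
    return passphrase_entropy_bits(num_words, list_size) / typed_len


def max_list_size(avg_word_len, alphabet_size=26):
    """Upper bound on distinct words of that length: a list can never exceed it,
    so entropy per word can never exceed avg_word_len * log2(alphabet_size)."""
    return alphabet_size ** avg_word_len


if __name__ == "__main__":
    for words in (3, 4, 5, 6):
        bits = passphrase_entropy_bits(words)
        eq = {name: equivalent_random_chars(words, n) for name, n in CHARSETS.items()}
        print(f"{words} words: {bits:.1f} bits, {bits_per_character(words):.2f} bits/char, "
              f"equivalent random chars: {eq}")
```

For 3 words the printable-ASCII equivalent comes out at 6 characters, matching the hint text proposed above, and the density at about 1.7 bits/char.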