Ask HN: Are Generated Passphrases Safe?

11 points by Pandavonium ↗ HN
I'm currently migrating from LastPass to Bitwarden. As part of the process, I'm updating a bunch of passwords. Bitwarden's generator can create random passphrases like the following:

spiny approval avalanche uncouth tattoo

Are these generated passphrases suitable for use on more sensitive accounts? I'm currently using generated passwords with numbers and symbols (20+ characters) but this can be a bit of a pain when I need to input a password using my TV remote or dictate it to my partner. I don't have a great sense for what's easily crackable so it would be great to get some opinions from those more familiar with the cryptography space.

14 comments

[ 2.9 ms ] story [ 19.0 ms ] thread
Yes, they're "safe" - so long as you don't reuse them

As for the use cases of typing into a TV, use the activation link option instead (like myStreamingService.tld/activate and enter the 4-6 character using your laptop's or phone's browser)

When you can't do that, use a simpler passcode (eg an 8 or 10 digit number that's easier to navigate to)

Your Netflix account is not "sensitive" - your bank account is :)

> Your Netflix account is not "sensitive" - your bank account is :)

While I generally agree with the sentiment (and frankly do the same sometimes) I think it's worth noting that if targeted attacks and spearphishing are part of your threat model (it isn't for most) then a Netflix account can conceivably be traded up like a red paperclip to your bank account.

But if you just care about password stuffing than this is probably fine.

I suggest using the non-white space seperator like a -:

spiny-approval-avalanche uncouth-tattoo

If Bitwarden default is not safe, the software should not be used.

By default, it uses a dash "-" as separator. I was mucking around with different settings when I discovered it. It also uses 4 words by default and I changed it to 5. Funnily enough, I read a few articles that specifically suggested 4 words is fine but 5 is ideal.
Depends on the application. For an online login account, 4 might be enough (not used for anything other than login, eg, not using the same password for encrypting your data in the backend). The are rate limits and brute force blockers (though sometimes those feature can be bypassed).

For file or disk encryption? Absolutely not. Use 10 words minimum (it depends on the word list, but 10 is a safe bet across the board).

> If Bitwarden default is not safe, the software should not be used.

The definition of "safe" depends on your risk model; what is appropriate for people named Snowden is not necessarily appropriate for many others.

Safe for what and against whom?

If an attacker can make unlimited login requests to a service, then longer passwords are always safer than shorter but more complex passwords.

If an attacker has a copy of a service's hashed passwords, the same is also true.

If an attacker is physically looking over your shoulder, a passphrase may be easier to remember than random letters, digits, and symbols.

If an attacker is a nation-state with a quantum computer and an unlimited budget - they'll probably find a different route into your account.

I would say that passwords are rarely "cracked". People tend to either use one of the top 10,000 common passwords, or reuse the same "secure" password on multiple sites. If you are outside of that low-hanging-fruit, why would someone expend resources on you?

Yes. The purpose of this sort of password convention is to make it more human friendly (easier to remember or dictate), while maintaining security.

Password strength / entropy is all about how long would it take an attacker to brute force. Practically, we think about this in terms of S(p) = number of possible tries / tries per second. This yields how long it would take an adversary to crack your password, in the worst case (that your password was the last possible guess.

The set size of all possible characters varies by system. But, typically, we see set sizes up to about 95 (lower case, upper case and special characters). Let's say everyone knows that bitwarden creates passphrases that are all lower case and have spaces. Passphrases use a word set of (let's say) 170,000.

Your (let's assume) 20 character password has a max number of guess of 95^20 whereas bitwarden has a complexity of 170,000 (choose) 5. However, if the adversary didn't know you used bitwarden, the complexity would look more like 95^40. It's obvious that the more an adversary knows about your password, the faster they can guess it.

You can use a site like security(dot)org to determine how long it would take a computer to crack it (they don't really define what "A computer" is). In either case, either password would take longer than the existence of the universe, by far.

On a side note, I'd love to see a "How secure is my password?" that calculate the cloud compute cost of cracking the password, say in a year. It would be cool to know it would take $5,000,000,000,000,000,000... to crack your password in a year.

Maybe you could do OP a favor and redo the calculation, assuming that an attacker knows that he used passphrases. Assuming that an english dictionary has maybe 10.000 meaningful words... And then even worse if you assume that the attacker even knows that he was using Bitwarden for that and an attacker can easily lookup the dictionary that Bitwarden is using. So with maybe 1000 words and 5 words used ...
(comment deleted)
I use the harder to guess "random password" feature instead of the "memorable passwords" one with full words.

I will not be remembering those passwords anyway so there is no need for them to be human readable.

Yes, they should be fine as long as you are not reusing them. If you want more customization, I wrote a generator with more options like a custom separator and leetspeak: https://pwizard.netlify.app
Often this doesn't meet the requirements for a password e.g. uppercase requirement. In that case I might use such a generator to get me started with some random words (more random than I'd come up with myself) and then mould it to fit the requirements before saving.