In light of the recent LastPass breach I looked at different strength test websites to see how long a password would hold up under an offline brute-force attack.
The password I tried was: Aband0nedFairgr0und
This is a 19-character password with a combination of uppercase/lowercase/numbers. Granted, there are no special characters.
I went to 5 different password strength sites and they all gave me wildly different results for how long it would take to crack.
| Site | Estimated time to crack |
|---|---|
| https://www.security.org/how-secure-is-my-password/ | 9 quadrillion years |
| https://delinea.com/resources/password-strength-checker | 36 quadrillion years |
| https://password.kaspersky.com/ | 4 months |
| https://bitwarden.com/password-strength/ | 1 day |
As you can see, the results are all over the place!
Why is the Bitwarden result so low, and if the attacker had zero knowledge of the password, is it feasible to take an average of the different results and assume that the password is stronger than 1 day?
PS: Don't worry, Aband0nedFairgr0und is not a password I use and was made up as a test.
Hi! I tested one of my old cracked passwords with the Bitwarden Password Strength Testing Tool and it was shown as secure. So I tested it with one of the passwords that I thought looked at least kind of good from a rockyou list: "arisdwiwanto070606" (https://raw.githubusercontent.com/josuamarcelc/common-password-list/refs/heads/main/rockyou.txt/rockyou_2.txt), with the result that it was a strong password.
According to HaveIBeenPwned the password has been seen one time before.
Is there any reason why Bitwarden does not check for any new password lists as well when telling the user about the password strength (zxcvbn seems to have a 9-year-old password list, https://github.com/dropbox/zxcvbn/tree/master/data), or am I missing something?
I was playing with Bitwarden's Password Strength Testing Tool and discovered unexpected behavior.
I have a password that I use to log in to my personal laptop (thirteen characters with letters, digits and symbols). I use the same password with 2 additional digits appended as my Bitwarden Master password.
When I test the laptop password, the testing tool says "Strong" and "31 years" to crack. Seems good so far. Next, I append an additional digit and the Estimated Time to Crack increases to "centuries" which seems even better.
Then I append one more digit and the Estimated Time to Crack goes DOWN to 57 years. Huh?
Why would the Estimated Time to Crack go down when appending a digit to a password that would take "centuries" to crack? I thought appending more characters to a password would always increase the estimated time to crack.
Am I misunderstanding something?
Basically, it seems to award very short passphrases too much strength.
I've built a spreadsheet to test entropy of each password/passphrase and have believed it's best to stay above 78 bits of entropy, I suppose based upon recommendations of the Diceware web page, from perhaps 1995:
We recommend a minimum of six words for use with GPG, wireless security and file encryption programs. A seven, eight or nine word passphrase is recommended for high value uses such as whole disk encryption, BitCoin, and the like. For more information, see the Diceware FAQ.
From this I inferred six-word passphrases were the basic minimum, with longer phrases up to 10, depending upon need. Six words gives me 77 bits of entropy (based upon a 7700-word dictionary).
Now to the BW Password Strength Testing Tool (PSTT): It shows a two-word passphrase, "blissful-harmony" as good! Then it also says it would take one day to crack! Something's wrong here. FWIW, a two-word passphrase yields 25 bits of entropy. Add one more word to the phrase: "blissful-harmony-update" and the tester gives it a "Strong" rating that will take centuries to crack with 38 bits of entropy. Neither seems overpowering or even adequate.
The PSTT appears to have dissociated "strength" and "entropy," and I don't understand why.
I did read through the zxcvbn link on the PSTT page, and the following may bear upon the issue:
By disregarding the "configuration entropy" — the entropy from the number and arrangement of the pieces — zxcvbn is purposely underestimating, by giving a password's structure away for free: It assumes attackers already know the structure (for example, surname-bruteforce-keypad), and from there, it calculates how many guesses they'd need to iterate through.
There are also the encryption methods, including the Key Derivation Function, that will slow down the number of guesses a hacker can make in any unit of time; that can help, as can Multi-Factor Authentication (MFA).
Still, worst case, as LastPass users discovered, MFA doesn't help the Vault owner if a hacker has it in front of him and doesn't have to go through online protection schemes.
So, is a short passphrase's strength betting on a hacker not knowing the structure of the password/passphrase, or am I missing something?
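A small model of the two ways of counting that this thread keeps running into, added here as an example (it is not Bitwarden's or zxcvbn's code): the naive character-set model most checkers use, and a zxcvbn-style model in which the attacker already knows the structure (words, capitalisation, l33t swaps) and only the free choices count. The 7700-word list comes from the post above; the character class sizes and the 1e10 guesses/second offline rate are assumptions.

```python
import math

# Modelling assumptions for this example only; not taken from any checker.
WORDLIST_SIZE = 7700        # Diceware-style list size used in the post above
GUESSES_PER_SECOND = 1e10   # assumed offline rate against a fast, unsalted hash
CHARSET = {"lower": 26, "upper": 26, "digit": 10, "symbol": 33}


def passphrase_bits(num_words, wordlist_size=WORDLIST_SIZE):
    """Entropy of a uniformly random N-word passphrase: log2(wordlist ** N)."""
    return num_words * math.log2(wordlist_size)


def charset_bits(password):
    """Naive checker model: every character drawn from the union of classes present."""
    present = set()
    for ch in password:
        if ch.islower():
            present.add("lower")
        elif ch.isupper():
            present.add("upper")
        elif ch.isdigit():
            present.add("digit")
        else:
            present.add("symbol")
    return len(password) * math.log2(sum(CHARSET[c] for c in present))


def structured_bits(num_words, capitalised_words, leet_positions, wordlist_size=WORDLIST_SIZE):
    """zxcvbn-style model: the attacker knows the layout (words + caps + l33t), so only
    the choices count: which words, plus one yes/no bit per optional decoration."""
    return passphrase_bits(num_words, wordlist_size) + capitalised_words + leet_positions


def crack_seconds(bits, rate=GUESSES_PER_SECOND):
    """Worst-case time to exhaust a space of 2**bits guesses at the given rate."""
    return 2 ** bits / rate


def human_time(seconds):
    """Round a duration to the unit a checker would display."""
    for unit, size in (("years", 365 * 86400), ("days", 86400), ("hours", 3600)):
        if seconds >= size:
            return f"{seconds / size:.3g} {unit}"
    return f"{seconds:.3g} seconds"


if __name__ == "__main__":
    pw = "Aband0nedFairgr0und"   # the thread's test password: 2 words, 2 caps, 2 o->0 swaps
    naive, known = charset_bits(pw), structured_bits(2, capitalised_words=2, leet_positions=2)
    print(f"{pw}: charset model {naive:.1f} bits -> {human_time(crack_seconds(naive))}")
    print(f"{pw}: structure-known model {known:.1f} bits -> {human_time(crack_seconds(known))}")
    for n in (2, 3, 6):
        print(f"{n}-word passphrase: {passphrase_bits(n):.1f} bits -> {human_time(crack_seconds(passphrase_bits(n)))}")
```

The gap between the two figures for the same password is the "configuration entropy" zxcvbn deliberately gives away, which is why a checker that knows the structure rates a two-word phrase far lower than a character-set calculator would.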