Activity - > you could start by using every word in the English dictionary that starts with... - kbin.life

There have been multiple accounts created with the sole purpose of posting advertisement posts or replies containing unsolicited advertising.

Accounts which solely post advertisements, or persistently post them may be terminated.

Atemu , 10 months ago

you could start by using every word in the English dictionary that starts with that letter (would take you years)

On a mainframe from the 80s maybe.

The number of words is quite finite and the number of words in commonly used wordlists even more so. On the order of thousands maybe.

Given that they claim to know the starting letter, that should narrow it down to hundreds.

Even at multiple seconds per check that’d only be a few minutes.

The other wrench in this problem is that Bitwarden vaults are not readily able to be brute forced. I won’t go into the specifics, but passphrases are not stored in “plain text”, but rather in “hashes”, which is kind of like a “fingerprint” of a file in that every file has a unique “fingerprint”.

A simple hash does nothing to slow brute force. It’s the underlying mechanism to do any password verification at all and usually rather quick.

State of the art for master-passwords are PBKDFs such is argon2i which are basically a hash hashed again and that hashed again and so on such that you must do a high number of hash calculations in order to verify a password; each depending on the previous.
You choose the number of iterations in a way that is still relatively quick to do in human terms but rather lengthy in computer terms (hundreds of ms to a few seconds). Every time you enter the master pw your computer runs through this PBKDF and you probably don’t even notice.

This does indeed “slow down” brute force attacks a good bit in relative terms but in this case the difference is inconsequential in absolute terms.

Bitwarden won’t let you constantly slam your vault stored on their servers with brute-force password attempts.

I don’t know about BW limitations in this regard but depending on whether @WtfEvenIsExistence is still logged in on any of their devices, they might be irrelevant because you don’t need to interact with any of BW’s servers even once to crack your own password. BW works offline if you have logged in once which implies that the pubkey, salt and whatever else is required to verify the password and unlock the vault are available locally.

Reply

Report

Activity

Open original URL

Copy original URL

Copy Mbin URL

Loading...

Federation

Status:

/m/[email protected]

Thread

WtfEvenIsExistence

@[email protected]

Added: 10 months ago
Views: 30
Online: -
Ratio: 0

Magazine

nostupidquestions

@[email protected]

No such thing. Ask away!

!nostupidquestions is a community dedicated to being helpful and answering each others’ questions on various topics.

The rules for posting and commenting, besides the rules defined here for lemmy.world, are as follows:

Rules (interactive)

Rule 1- All posts must be legitimate questions. All post titles must include a question.All posts must be legitimate questions, and all post titles must include a question. Questions that are joke or trolling questions, memes, song lyrics as title, etc. are not allowed here. See Rule 6 for all exceptions._____________

:::spoiler Rule 2- Your question subject cannot be illegal or NSFW material.

Your question subject cannot be illegal or NSFW material. You will be warned first, banned second.

:::

:::spoiler Rule 3- Do not seek mental, medical and professional help here.

Do not seek mental, medical and professional help here. Breaking this rule will not get you or your post removed, but it will put you at risk, and possibly in danger.

:::

:::spoiler Rule 4- No self promotion or upvote-farming of any kind.

That’s it.

:::

:::spoiler Rule 5- No baiting or sealioning or promoting an agenda.

Questions which, instead of being of an innocuous nature, are specifically intended (based on reports and in the opinion of our crack moderation team) to bait users into ideological wars on charged political topics will be removed and the authors warned - or banned - depending on severity.

:::

:::spoiler Rule 6- Regarding META posts and joke questions.

Provided it is about the community itself, you may post non-question posts using the [META] tag on your post title.

On fridays, you are allowed to post meme and troll questions, on the condition that it’s in text format only, and conforms with our other rules. These posts MUST include the [NSQ Friday] tag in their title.

If you post a serious question on friday and are looking only for legitimate answers, then please include the [Serious] tag on your post. Irrelevant replies will then be removed by moderators.

:::

:::spoiler Rule 7- You can’t intentionally annoy, mock, or harass other members.

If you intentionally annoy, mock, harass, or discriminate against any individual member, you will be removed.

Likewise, if you are a member, sympathiser or a resemblant of a movement that is known to largely hate, mock, discriminate against, and/or want to take lives of a group of people, and you were provably vocal about your hate, then you will be banned on sight.

:::

:::spoiler Rule 8- All comments should try to stay relevant to their parent content.

:::

:::spoiler Rule 9- Reposts from other platforms are not allowed.

Let everyone have their own content.

:::

:::spoiler Rule 10- Majority of bots aren’t allowed to participate here.

:::

Credits

Our breathtaking icon was bestowed upon us by @Cevilia!

The greatest banner of all time: by @TheOneWithTheHair!

Created: 1 year ago
Owner: r00ty
Subscribers: 1
Online: -

Threads 2538
Comments 99463
Posts 17
Replies 174
Moderators 1
Moderation log 225

Moderators

r00ty

Active people