2. Enter Passphrase Word Count:
3. Enter Iterations:
- This calculator assumes the passphrase was randomly generated by a computer. Avoid picking your own master password, let a computer do it for you.
- It also assumes you’re not reusing this passphrase anywhere else; you should never reuse passphrases or passwords.
- The default PBKDF2 for “most” password managers is 100k, but some like Bitwarden have moved to 600k as of 2023 for new accounts. See the update about Argon2id below to know why it’s better and why it was added to this calculator.
- The total given is an estimate of what it would cost to crack one person’s master password (passphrase).
- The total factors in the hardware and electricity costs.
- The total is half of what it would cost because we’re giving the attacker a 50/50 shot of finding the correct master password in the first half of guesses.
With Bitwarden adding Argon2id I felt the need to also add it to this passphrase cracking calculator. Since the main goal of this calculator was to see what it would cost to crack a master password for a password manager, I feel having Argon2id as an option is important. Also, I’m sure more password managers will be looking to move to Argon2 soon.
The math to do the conversion from PBKD2F to Argon2id was a bit tricky, but luckily KeePassXC 1-second delay made it easy and got us a “good enough” solution. With KeePassXC 1-second delay, I found that the standard AES-KDF for my computer was about 54 million on average. Switching to Argon2id at 64MB memory and parallelism at 4 threads, I got 68 iterations on average. Bitwarden’s Argon2id defaults are 3 iterations, 64MB and 4 threads on parallelism, so that is what I used in this calculator.
Using these numbers, I found that 1 iteration of Argon2id equals about 800,000 PBKD2F.
I’m excluding the options to change the memory and parallelism to avoid confusing people too much with too many buttons. This calculator is to give you an idea on the cost to crack and help people put things into perspective.
With Bitwarden moving to Argon2id there is a noticeable increase in cost to crack a master password. The default Argon2id settings are a huge upgrade from the old 100k iterations or even the newer accounts getting 600k iterations.
While Argon2id is a nice improvement, it still doesn’t move the needle as much as making your master password just one word longer. Though, people can get carried away with “just one more word” and I hope this calculator can bring people back to reality.
Congrats to Bitwarden, and a huge thank you to Quexten!
Why A Dollar Amount?
Instead of telling you how long it would take to crack a passphrase, we’re showing how much it would cost as it’s a far more valuable metric.
An attacker taking 2 weeks to crack a master password could be outdone by someone willing to spend more money to get it done in 1 week.
When you boil it down, time is money, so showing you the cost is the only factor that matters.
How Strong Should Your Master Password Be?
The strength of your master password will come down to what it’s protecting.
If you’re worth millions then you need a master password that would cost more than you’re worth.
Consider your attacker and how much are they willing to spend on you and then make your master password cost more than that.
Learn more about making a master password here.
How The Math Works
1Password found that it cost about $6 to go through 232 (4,294,967,296) combinations of passwords.
So if you have a 3-word passphrase using 1Password’s list (18,300) of words, that would be a total of 6,128,487,000,000 combinations.
If you take 6,128,487,000,000 and divide by 4,294,967,296 you would get 1,427 (rounded to the next whole number).
You then take 1,427 and multiply by $6 to get $8,562.
1Password rightfully assumes the attacker has a 50/50 shot of guessing the correct master password in the first half of guesses, so you would then take $8,562 and divide it by 2 to get $4,281 or about $4,200.
So with 3 randomly generated words from 1Password’s generator, it would take about $4,200 to crack.
What Are Iterations?
Websites don’t store your actual password but a hash version of it.
Think of a hash as a smoothie, if you blend the same raw materials for the same amount of time you always get the same smoothie.
The website compares the hash (or the “smoothie”) they have on file to the hash that was generated from your password to confirm you’re the correct user. Just like the smoothie, once blended, the hash can’t be returned to its raw material; the hash is irreversible, making it perfect for password storage on a server.
To slow down guessing or make your master password stronger without you doing anything extra, many password managers will hash the password multiple times. Hashing the hash over and over again is iterating the password. The more you do it, the stronger you make the password.
Adding more iterations will only linearly slow down an attacker, but adding one more word will exponentially slow down the hacker.
You don’t want too many iterations as it slows down your computer, and if your computer is too slow, you can crash it as the OS thinks it’s stuck in a loop. This is why password managers like Bitwarden stop you at 2 million iterations, and also why they say to only add 50k iterations at a time.
Why Was The Passphrase Cracking Calculator Created?
I wanted to know how long should my master password be, and most of the cracking calculators on the internet never…
- Considered the number of iterations.
- The different types of word lists.
- Real-world cracking power.
It’s impossible to guess how strong your master password should be if you’re not factoring in these 3 things.