by jasonjayr 537 days ago
The risk is that if your password manager's database is stolen, then an attacker can do an offline decryption attack on it, and should they succeed, they have both parts of the login to compromise you.

At the very least, you SHOULD keep the 2FA credentials in a separate database (i.e., KeePassXC can keep multiple databases), so an attacker would need to double their efforts to get both parts of the login.


Are there any reasonable attacks against AES-GCM-256 where the key is a mix of a randomly generated 128-bit key and a password? If not then I have no concerns about an attacker cracking my 1Password database.
> Are there any reasonable attacks against AES-GCM-256 where the key is a mix of a randomly generated 128-bit key and a password? If not then I have no concerns about an attacker cracking my 1Password database.

Hackers rarely break through the front door. They find a vulnerability elsewhere: in the code, your OS, other programs on your computer, the company's servers, the company's staff, and so on. You have to have full faith not just in the encryption algorithm, but in its implementation, everything and everyone around it, and everywhere it operates and interacts with. Any one of these could be a route in.

The password is generally the weak point. If you can remember it, any modern computer can guess it in a short time. Which is why password generation is so important.
I don't think that's correct as a blanket statement - you can use a passphrase, or remember a 14+ character password since you only have one to remember.

Even if it's only random-ish, password managers do key stretching (for example by hashing the password 600k times; Bitwarden has a high default value and lets you increase it if you like) so that it has to take some computational effort to check if a single password is correct. That's why it takes a few seconds to unlock your vault each time.

With these in place I think you're pretty safe for a long time. (Well, maybe until quantum computing breaks those cyphers?)

> If you can remember it any modern computer can guess it in a short time.

That's not true. A long sentence of your choosing is easy to memorise and plenty long enough to not be able to be guessed by a computer (brute force).

That isn't a word though.
As a German I have access to words like "Moselschifffahrtspolizeimützenverordnung" and that's a mild one :)
Stupid German proving me wrong with something that most languages don't have access to.

\s

I'm sure German is not alone, but it is the only one I'm aware of - though with over 7000 known languages I doubt anyone knows enough to state anything with confidence.

Passphrases are much easier than passwords in this regard. Though I fear keylogging more than brute forcing what my main password is.

But this is why I use security keys like yubikeys. Doesn’t matter if an attacker knows my main password for any number of reasons, there’s fuckall they can do with it without my physical key.

And even if they get into my vault and extract passwords, for many websites (in particular the most important ones) they’d still need to use my security key, they can’t just use the passwords.

Attacks are still possible (with browser session fuckery?) but much harder than yet another breach where a website was storing passwords in plaintext.

Note, it’s best to not select “remember me” for Bitwarden: https://bitwarden.com/help/twostep-faqs/#q-why-is-bitwarden-...

This leaves you too vulnerable for my taste.

I like, no I think it's simply a hard requirement, that I can recover from nothing but the contents of my head. I can wake up naked in a foreign country and regain everything.

I'm also interested in the answer to this question. Can one separate the cracking of the password and the key?
The threat model of password managers and encryption as a whole assumes that the adversary has the ciphertext. If the adversary can decrypt it, then the encryption algorithm is fundamentally broken.

There is literally no point to encryption if possession of the ciphertext is sufficient to extract the secret.
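To make the two points above concrete (key stretching making each guess expensive, and whether the password and the random secret key can be cracked separately), here is a small added model written for this thread. It is not 1Password's, Bitwarden's or KeePass's own code: the iteration count, salt, secret key and the HMAC "verifier" standing in for an AES-GCM tag are all constructed, and the XOR-combination of a stretched password with an expanded secret key is a simplified illustration of a two-secret scheme, not any product's exact algorithm.

```python
import hashlib
import hmac

# Constructed sample parameters (not taken from any real vault).
ITERATIONS = 600_000  # the order of magnitude mentioned in the thread
SALT = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed


def stretch_password(password: str, salt: bytes, iterations: int = ITERATIONS) -> bytes:
    """Key stretching: PBKDF2-HMAC-SHA256 makes every password guess cost `iterations` hashes."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)


def expand_secret_key(secret_key: bytes, info: bytes = b"vault-key") -> bytes:
    """Expand the random 128-bit secret key to 32 bytes (one HMAC-SHA256 block, a one-step HKDF-expand)."""
    return hmac.new(secret_key, info + b"\x01", "sha256").digest()


def derive_vault_key(password: str, secret_key: bytes, salt: bytes, iterations: int = ITERATIONS) -> bytes:
    """Simplified two-secret derivation: stretched password XOR expanded secret key.
    The output depends on both inputs, so neither can be verified on its own."""
    pw_part = stretch_password(password, salt, iterations)
    sk_part = expand_secret_key(secret_key)
    return bytes(a ^ b for a, b in zip(pw_part, sk_part))


def make_verifier(vault_key: bytes) -> bytes:
    """Stand-in for the AES-GCM authentication tag: only the right key reproduces it."""
    return hmac.new(vault_key, b"vault-check", "sha256").digest()


def key_opens_vault(candidate_key: bytes, verifier: bytes) -> bool:
    return hmac.compare_digest(make_verifier(candidate_key), verifier)


def offline_check(verifier: bytes, candidates, secret_key: bytes, salt: bytes, iterations: int):
    """Model of what someone holding a stolen database can do: test candidate passwords.
    Each test costs a full PBKDF2 run, and without the correct secret key no candidate
    ever matches, so the password cannot be attacked separately from the key."""
    for cand in candidates:
        if key_opens_vault(derive_vault_key(cand, secret_key, salt, iterations), verifier):
            return cand
    return None


if __name__ == "__main__":
    sk = bytes(range(16))  # constructed 128-bit secret key
    verifier = make_verifier(derive_vault_key("correct horse battery staple", sk, SALT, 20_000))
    print(offline_check(verifier, ["password", "correct horse battery staple"], sk, SALT, 20_000))
    print(offline_check(verifier, ["password", "correct horse battery staple"], bytes(16), SALT, 20_000))
```

Run it and the first check finds the password only because the correct secret key was supplied; the second, with a wrong secret key, finds nothing even though the right password is in the list.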

Or you can protect the database with a keyfile and/or a hardware key meaning you need 2 or 3 factors for the database.

This is what I do for my keepass database. It means I can store my database in a cloud service of my choice for sync purposes too.