Bruteforcing the Bitwarden master password I forgor
20 points by BD103
20 points by BD103
I have this one old KeePass db I stopped using ages ago, but very occasionally had to reference. I forgot the password twice. The first time I rigged together some weird custom thing to crack the password (...I don't remember why), the second time I just used hashcat.
Both times around I've ended up eventually figuring out the password myself, before the search finished. Turns out GPUs are great at peer pressure!
The idea that you could just forget a piece of information like that is honestly kinda scary.
I assume this isn't uncommon? Especially if you use very long randomly generated passphrases.
My experience is that the more something becomes muscle memory, the easier it is to just forget one day. It happened to me for the first time 25 years ago in university. One day the 4-digit debit card PIN I had been using almost daily for years just wouldn't come to me--my attempt at entering it from muscle memory at the ATM failed, which caused me to stop and think and I realized I didn't remember the exact permutation of digits and my muscle memory was completely based on specific finger motions which I now couldn't reproduce exactly. I just had to get it reset.
Despite being older and presumably having worse memory, now that I use my debit PIN much less frequently I have a much easier time consciously remembering it, but it probably helps to have something like that happen once or twice in your life so you develop counter-measures.
I still vividly remember the disk encryption passphrase of an install that has been wiped at least 3 years ago, so there's that.
There were two issues with the kdbx from my original comment:
I still remembered it when I was using that db, but it's not that surprising I ended up forgetting it.
The punchline here is that, as I'm writing this, I absolutely can't recall that passphrase.
I wisened up after burning a few days of GPU compute the second time this happened and stored it in the vault I actually use.