I forgot my Bitwarden password and I know most of the words, I am missing one word and I know the starting letter of the word. Is there like a strategy to guessing passwords? Is there a program to assist in guessing passwords? I feel like guessing manually would take months.
The fastest method is contacting Bitwarden as another user mentioned. Bitwarden can discuss your options and may be able to help you recover access to your vault if you have emergency access set up for a trusted user or were on an enterprise plan. The second fastest method is starting over and changing the passwords to all the accounts you can remember or have bookmarked.
Because of entropy, a pass phrase is extremely hard to “crack”. It would take a modern computer hundreds of millions of years nonstop to typically crack a pass phrase. Just ask people who hold Bitcoin and lost their 12 or 24 word passphrase (seed) if they were able to recover their BTC. If your passphrase was 24 words like a BTC passphrase, increase the recovery time to several billion years. No, this is not an exaggeration.
Since you believe you know the starting letter of the missing word (and this assumes you’re 100% sure, there’s always risk your memory is wrong), you could start by using every word in the English dictionary that starts with that letter (would take you years). Hopefully all the other words are correct and you haven’t misremembered them or placed them out of order. If any word is out of order, unfortunately increase your recovery time to several million years. The other wrench in this problem is that Bitwarden vaults are not readily able to be brute forced. I won’t go into the specifics, but passphrases are not stored in “plain text”, but rather in “hashes”, which is kind of like a “fingerprint” of a file in that every file has a unique “fingerprint”. Bitwarden won’t let you constantly slam your vault stored on their servers with brute-force password attempts. You’ll have to figure out how to set up your own environment, using your encrypted vault, that would allow you to brute-force that local environment with your passphrase attempts, and set up a system that allows you to iterate until you have a matching hash. Since you’re asking for “a program to assist in guessing passwords”, I’m going to assume you’re probably not equipped to set up a local environment on your own and probably never locally backed up an encrypted archive of your online vault. So again, contacting Bitwarden is best.
Finally, the purpose of a password manager is to have only one password or passphrase to write down (not remember, but write down). Never, ever trust your memory, because human memory is fallible - one fall to the ground and hitting your head could wipe out your memory or cognitive function. You didn’t even fall, and as you can see, you forgot your passphrase. Write your next passphrase on paper in graphite pencil (pencil lead lasts thousands of years longer than ink) and store it in a fireproof safe. If you want to be extra sure, you can stamp it in stainless steel. Don’t store things in lock boxes at banks - banks have a tendency to lose your stuff, or if they shut down they have no obligation to provide you the contents of your lock box. Don’t take pictures of it, don’t store it in an encrypted note on your phone, don’t cleverly try to split it into parts or store it in a book by underlining one letter on a certain page, etc. Keep it simple, keep it safe for your future self - write it down and store it.
Best of luck to you.
https://bitwarden.com/help/forgot-master-password/
On a mainframe from the 80s maybe.
The number of words is quite finite and the number of words in commonly used wordlists even more so. On the order of thousands maybe.
Given that they claim to know the starting letter, that should narrow it down to hundreds.
Even at multiple seconds per check that’d only be a few minutes.
A simple hash does nothing to slow brute force. It’s the underlying mechanism to do any password verification at all and usually rather quick.
State of the art for master-passwords are PBKDFs such as argon2i which are basically a hash hashed again and that hashed again and so on such that you must do a high number of hash calculations in order to verify a password; each depending on the previous.
You choose the number of iterations in a way that is still relatively quick to do in human terms but rather lengthy in computer terms (hundreds of ms to a few seconds). Every time you enter the master pw your computer runs through this PBKDF and you probably don’t even notice.
This does indeed “slow down” brute force attacks a good bit in relative terms but in this case the difference is inconsequential in absolute terms.
I don’t know about BW limitations in this regard but depending on whether @WtfEvenIsExistence@lemmy.ca is still logged in on any of their devices, they might be irrelevant because you don’t need to interact with any of BW’s servers even once to crack your own password. BW works offline if you have logged in once which implies that the pubkey, salt and whatever else is required to verify the password and unlock the vault are available locally.
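The two replies above disagree about how long a search like this takes, and the disagreement comes down to two numbers: the size of the candidate space (one word with a known first letter versus a whole passphrase) and the cost of one verification at the key-derivation function's work factor. The following Python script, added here as an illustration and not code from either commenter or from Bitwarden, makes both numbers concrete. It uses PBKDF2-HMAC-SHA256 from the standard library as the iterated-hash construction the second reply describes; the salt, the iteration counts and the wordlist sizes are constructed example values, not Bitwarden's real parameters, and the timing it measures is for whatever machine runs it.

```python
import hashlib
import time

# Constructed example values: not a real vault's salt or Bitwarden's settings.
EXAMPLE_SALT = b"constructed-example-salt"
SECONDS_PER_YEAR = 365.25 * 24 * 3600


def derive_key(passphrase: str, salt: bytes = EXAMPLE_SALT, iterations: int = 600_000) -> bytes:
    """Iterated HMAC-SHA256 (PBKDF2): each verification costs `iterations` hash rounds,
    and every round depends on the previous one, so the work cannot be skipped."""
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode("utf-8"), salt, iterations, dklen=32)


def seconds_per_guess(iterations: int, samples: int = 3) -> float:
    """Time one derivation at this work factor on this machine (best of `samples` runs)."""
    best = float("inf")
    for _ in range(samples):
        start = time.perf_counter()
        derive_key("correct horse battery staple", iterations=iterations)
        best = min(best, time.perf_counter() - start)
    return best


def one_missing_word(matching_words: int, positions: int = 1) -> int:
    """Guesses when exactly one word is unknown: the words that fit the remembered
    first letter, times the number of positions the word could occupy
    (1 if the position is known, the passphrase length if it is not)."""
    return matching_words * positions


def whole_passphrase(wordlist_size: int, words: int) -> int:
    """Guesses when nothing is known: every ordered choice of `words` wordlist entries."""
    return wordlist_size ** words


def worst_case_seconds(candidates: int, sec_per_guess: float) -> float:
    """Exhausting the whole candidate space; the expected time is half of this."""
    return candidates * sec_per_guess


def describe(seconds: float) -> str:
    """Human-readable duration so the two scenarios can be compared at a glance."""
    if seconds < 60:
        return f"{seconds:.1f} seconds"
    if seconds < 3600:
        return f"{seconds / 60:.1f} minutes"
    if seconds < 86400:
        return f"{seconds / 3600:.1f} hours"
    if seconds < SECONDS_PER_YEAR:
        return f"{seconds / 86400:.1f} days"
    return f"{seconds / SECONDS_PER_YEAR:.3g} years"


if __name__ == "__main__":
    # Work factor: the same guess at a trivial and at a realistic iteration count.
    for iters in (1, 100_000, 600_000):
        print(f"{iters:>8} iterations: {seconds_per_guess(iters) * 1000:8.2f} ms per guess")

    spg = seconds_per_guess(600_000)
    # Constructed scenario values: ~300 wordlist entries start with the remembered letter,
    # the passphrase is 6 words long, and the wordlist has 7776 entries (a common size).
    scenarios = {
        "one word missing, position known": one_missing_word(300),
        "one word missing, position unknown": one_missing_word(300, positions=6),
        "whole 6-word passphrase unknown": whole_passphrase(7776, 6),
    }
    for label, n in scenarios.items():
        print(f"{label}: {n:,} guesses, worst case {describe(worst_case_seconds(n, spg))}")
```

The work factor multiplies the cost of every guess by the same constant, so it changes minutes into hours for the one-missing-word case but leaves the whole-passphrase case at geological timescales either way; that is the sense in which the second reply calls the slowdown "relative" rather than "absolute". Raising the KDF iteration count in your vault settings is still worthwhile as a defence, because it is the only one of these numbers the vault owner controls after the passphrase is chosen.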