Bitwarden responds to encryption design flaw criticism

Concerns Raised Over Password Vault Vendor’s Encryption Practices


UPDATED: Password vault provider Bitwarden has addressed renewed concerns surrounding its encryption strategy for safeguarding users’ secret keys by strengthening its default security configurations.

The primary concern focuses on the number of PBKDF2 hash iterations used for generating a decryption key for a user’s password vault. According to OWASP recommendations, the PBKDF2 algorithm should include random salts, utilize SHA-256, and execute 600,000 iterations (up from the earlier recommendation of 310,000).

Currently, Bitwarden secures its data with only 200,001 iterations: 100,001 on the client side and a further 100,000 on the server side. However, security researcher Wladimir Palant has cautioned that, although they inflate the headline total, the server-side iterations add no real protection. More alarmingly, older accounts are left with weaker settings unless users manually raise their iteration counts.


Palant addressed this issue in a technical blog post released on January 23. A Bitwarden user later revealed that their account, created in 2020, operated with only 5,000 iterations, noting that increasing this to 200,000 yielded no noticeable performance impact.

Access to password vault data hinges on a decryption key derived from the user’s master password. Hashing that password with too few iterations makes each guess cheap, exposing the vault’s secrets to brute-force attacks.
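To make the OWASP recommendation above and the "cheap guess" problem concrete, here is an added example (not code from the article, Bitwarden, or Palant) that derives a vault key with PBKDF2-HMAC-SHA256, audits an account's iteration count against the 600,000 threshold, and measures the cost of one derivation locally. The salt, password and account records are constructed for illustration; the `audit_account` and `time_derivation` helper names are assumptions of this example.

```python
import hashlib
import os
import time

# OWASP recommendation cited in the article: PBKDF2-HMAC-SHA256 with a random salt
# and 600,000 iterations (previously 310,000).
OWASP_PBKDF2_SHA256_ITERATIONS = 600_000
KEY_LENGTH_BYTES = 32  # 256-bit vault key


def derive_vault_key(master_password: str, salt: bytes, iterations: int) -> bytes:
    """Derive a vault decryption key from the master password.

    Only the iterations run on the client contribute to the cost of guessing
    the master password offline against a copy of the encrypted vault.
    """
    if iterations < 1:
        raise ValueError("iterations must be positive")
    return hashlib.pbkdf2_hmac(
        "sha256", master_password.encode("utf-8"), salt, iterations, dklen=KEY_LENGTH_BYTES
    )


def new_salt() -> bytes:
    """Random per-account salt, as OWASP recommends (16 bytes is ample)."""
    return os.urandom(16)


def meets_owasp_iterations(iterations: int) -> bool:
    """True when the client-side iteration count is at or above the OWASP floor."""
    return iterations >= OWASP_PBKDF2_SHA256_ITERATIONS


def guess_speedup_vs_owasp(iterations: int) -> float:
    """How many times cheaper a single password guess is than at the OWASP floor.

    PBKDF2 cost scales linearly with the iteration count, so a 5,000-iteration
    account gives an attacker a 120x per-guess saving compared with 600,000.
    """
    if iterations < 1:
        raise ValueError("iterations must be positive")
    return OWASP_PBKDF2_SHA256_ITERATIONS / iterations


def audit_account(account: dict) -> dict:
    """Summarise one account record (constructed shape: name, client_iterations).

    Server-side iterations are deliberately ignored: the article's point is that
    they do not raise the cost of an offline attack on a stolen vault.
    """
    iters = account["client_iterations"]
    return {
        "name": account["name"],
        "client_iterations": iters,
        "meets_owasp": meets_owasp_iterations(iters),
        "guess_speedup": guess_speedup_vs_owasp(iters),
    }


def time_derivation(iterations: int, master_password: str = "example-master-password") -> float:
    """Wall-clock seconds for one derivation at this iteration count on this machine."""
    salt = new_salt()
    start = time.perf_counter()
    derive_vault_key(master_password, salt, iterations)
    return time.perf_counter() - start


if __name__ == "__main__":
    # Constructed sample accounts mirroring the counts mentioned in the article.
    accounts = [
        {"name": "2020-era account", "client_iterations": 5_000},
        {"name": "default at time of writing", "client_iterations": 100_001},
        {"name": "new default", "client_iterations": 600_000},
    ]
    for acct in accounts:
        print(audit_account(acct))
    for n in (5_000, 100_001, 600_000):
        print(f"{n:>7} iterations: {time_derivation(n):.3f}s per derivation")
```

Running the script prints one audit line per constructed account and then the measured time per derivation, which is the figure to compare against the "no noticeable performance impact" observation reported by the Bitwarden user quoted in the article.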

Reevaluating the LastPass Breach

Compliance with industry standards regarding hashing iterations is crucial, especially following a password vault server breach, a situation recently endured by LastPass.

LastPass faced criticism for employing fewer hashing iterations than recommended when securing users’ encryption keys: at best 100,000, while older accounts remained at just 5,000 rounds of protection.

The LastPass incident prompted Palant to scrutinize encryption practices among various password vaults, leading him to discover deficiencies in Bitwarden’s methods.

Unfolding History

The public exposure of this concern prompted cryptographer Nadim Kobeissi to highlight that he, along with a team, had previously discovered and reported (PDF) the same issue five years prior.

The issue was minimized in 2018, but its resurgence this week, following the LastPass breach, has spurred Bitwarden into taking action.

The open source password management service has responded by elevating the default client-side iterations to 350,000 for new accounts, which was later increased to 600,000 in response to updated OWASP guidance. However, it remains uncertain whether existing accounts will automatically receive these higher settings.

A Mastodon post by Bitwarden left some community members puzzled.

As one community forum poster put it, “Bitwarden gives no indication of a timeline for this adjustment and remains ambiguous about whether current accounts will transition to the new standard.”

According to a follow-up on the same forum, Bitwarden is viewing this feedback as a feature request.

In response to inquiries from The Daily Swig, Bitwarden confirmed that “defaults are increasing”, adding that users had always had the option to “adjust and increase iterations at any time.”

This article was updated for clarity regarding the attribution of comments concerning older Bitwarden accounts. Those comments originated from a Palant blog reader and were mistakenly attributed to the security researcher.


Based on an article from portswigger.net: https://portswigger.net/daily-swig/bitwarden-responds-to-encryption-design-flaw-criticism
