Accusations Against Password Vault Provider Over Encryption Issues
UPDATED Bitwarden, a password vault provider, has addressed renewed concerns about how it protects users' secret keys by raising the default iteration count of the key derivation that guards its vaults.
This concern revolves around the number of PBKDF2 hash iterations utilized to generate the decryption key for a user’s password vault. OWASP advises employing the PBKDF2 algorithm with random salts, SHA-256, and 600,000 iterations, a figure that has recently surged from the earlier suggestion of 310,000 rounds.
Currently, Bitwarden protects its data with 200,001 iterations – 100,001 executed on the client side and a further 100,000 on the server side. However, security analyst Wladimir Palant warned that while these numbers may look impressive, the server-side iterations are ineffective (they are applied only to the authentication hash the client sends, so they add no cost for an attacker who has stolen the encrypted vault and guesses the master password offline), and older accounts were often left with far weaker settings unless users manually raised their iteration count.
On January 23, Palant published a technical blog post discussing the matter. A reader of that post, a Bitwarden user, recounted that their account, created in 2020, used only 5,000 iterations, and that raising the count to 200,000 caused no noticeable slowdown.
Decryption of the vault data hinges on a key derived from the user's master password. Using too few iterations in that derivation leaves the secrets exposed to brute-force attacks, because each candidate password an attacker tries becomes correspondingly cheaper to test.
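To make the numbers in this article concrete, here is an added example (not Bitwarden's or Palant's code) that derives a vault key with PBKDF2-HMAC-SHA256 and a random salt, as OWASP recommends, and rates an account's client-side iteration count against the 600,000 minimum. The `guess_cost_ratio` it reports is simply how many times cheaper each offline password guess becomes at a weak setting than at the recommended one; the 5,000, 100,000 and 200,001 counts mentioned above are used as sample inputs. The helper names and the `measure_derivation_seconds` timing check are this example's own assumptions, not part of any product.

```python
import hashlib
import os
import time

# OWASP's current recommendation for PBKDF2-HMAC-SHA256, as cited in the article.
OWASP_MIN_ITERATIONS = 600_000
KEY_LEN = 32  # 256-bit vault key


def new_salt() -> bytes:
    """Per-user random salt; stored alongside the account, never reused."""
    return os.urandom(16)


def derive_vault_key(master_password: str, salt: bytes, iterations: int) -> bytes:
    """Derive the vault encryption key from the master password with PBKDF2-HMAC-SHA256.

    The attacker's cost per password guess scales linearly with `iterations`,
    which is why the count (not the key length) is the tunable that matters here.
    """
    if iterations < 1:
        raise ValueError("iterations must be positive")
    return hashlib.pbkdf2_hmac(
        "sha256", master_password.encode("utf-8"), salt, iterations, dklen=KEY_LEN
    )


def iteration_count_assessment(iterations: int, minimum: int = OWASP_MIN_ITERATIONS) -> dict:
    """Compare an account's client-side iteration count with the recommended minimum.

    Only client-side iterations count: server-side rounds are applied after the
    client has already derived its key, so they do not slow an attacker who holds
    a copy of the encrypted vault.
    """
    if iterations < 1:
        raise ValueError("iterations must be positive")
    return {
        "iterations": iterations,
        "meets_minimum": iterations >= minimum,
        # How many times cheaper one offline guess is at this setting than at `minimum`.
        "guess_cost_ratio": minimum / iterations,
    }


def measure_derivation_seconds(iterations: int, repeats: int = 3) -> float:
    """Wall-clock cost of one derivation on this machine (the user-visible 'slowdown')."""
    salt = new_salt()
    start = time.perf_counter()
    for _ in range(repeats):
        derive_vault_key("constructed sample password", salt, iterations)
    return (time.perf_counter() - start) / repeats


if __name__ == "__main__":
    # Constructed sample counts taken from the article: old LastPass/Bitwarden accounts,
    # the old LastPass maximum, Bitwarden's client-side share, and the OWASP figure.
    for count in (5_000, 100_000, 100_001, OWASP_MIN_ITERATIONS):
        report = iteration_count_assessment(count)
        print(
            f"{count:>8} iterations: meets minimum={report['meets_minimum']!s:5} "
            f"guess cost ratio={report['guess_cost_ratio']:.1f}x "
            f"one derivation={measure_derivation_seconds(count):.3f}s"
        )
```

Running the script shows the trade-off the article's reader described: a derivation at 200,000 or even 600,000 iterations still completes in a fraction of a second on a laptop, a delay a user pays once per unlock, while an attacker pays it on every one of billions of guesses. The same arithmetic explains why a 5,000-iteration legacy account is 120 times cheaper to attack than one at the OWASP minimum.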
Impact of the LastPass Breach
Neglecting established best practices regarding hashing iterations poses a significant risk, particularly when a password vault server breach occurs, similar to the situation that recently impacted LastPass.
LastPass faced criticism for applying fewer than the recommended number of hashing iterations to user keys, capping the count at 100,000. Worse, it had not migrated older accounts even to that benchmark, leaving them with a mere 5,000 rounds.
The LastPass incident prompted Palant to review practices among other password managers, revealing vulnerabilities in Bitwarden’s approach along the way.
Revisiting Historical Issues
The recent public acknowledgment of this issue triggered a response from cryptographer Nadim Kobeissi, who highlighted that he and his colleagues had identified and reported (PDF) a similar issue five years ago.
This problem was minimized in 2018, yet its resurgence has compelled Bitwarden to take action following the LastPass incident.
Bitwarden, the open-source password management service, first raised its default client-side iteration count to 350,000, initially for new accounts only, and has since raised it to 600,000 in line with OWASP's updated guidance. It remains unclear whether existing accounts will be upgraded automatically.
A post by Bitwarden on Mastodon left community members puzzled.
“Bitwarden didn’t provide any indication about the timeline for this update or clarity on whether existing accounts will be upgraded to the new, higher default,” noted a poster on Bitwarden’s community forum.
A follow-up comment on the forum indicated that Bitwarden is treating this feedback as a feature request.
In responses to inquiries from The Daily Swig, Bitwarden acknowledged that it is indeed increasing defaults, emphasizing that users have always had the option to “modify and enhance iterations at any time.”
This article was updated to correct a mistake regarding who made comments about the actions concerning older Bitwarden accounts. The remarks originated from a reader of Palant’s blog, not the security researcher himself, as was previously and mistakenly stated.
Based on an article from portswigger.net: https://portswigger.net/daily-swig/bitwarden-responds-to-encryption-design-flaw-criticism