John Leyden 25 January 2023 at 15:47 UTC
Updated: 30 January 2023 at 13:31 UTC
Password vault vendor accused of making a hash of encryption
UPDATED Password vault vendor Bitwarden has responded to renewed criticism of the encryption scheme it uses to protect users’ secret encryption keys by enhancing the mechanism’s default security configuration.
The issue centers on the number of PBKDF2 hash iterations used to compute the decryption key for a user’s password vault. In this scenario, OWASP recommends using the PBKDF2 algorithm with random salts, SHA-256, and 600,000 iterations (a figure recently increased from the previous recommendation of 310,00 rounds).
Bitwarden said that its data is protected with 200,001 iterations – 100,001 iterations on the client side and a further 100,000 on the server side. But security researcher Wladimir Palant has warned that, while this might sound impressive, the server-side iterations are ineffective. And, much worse, older accounts were stuck with much lower security settings (unless they manually increased iterations on their settings).
Catch up on the latest encryption-related security news and analysis
Palant posted a technical blog post on the issue on Monday (January 23). In response to this blog post, a Bitwarden user claimed an account they started using in 2020 operated with just 5,000 iterations (adding that increasing the count to 200,000 failed to cause a “noticeable slowdown”).
Password vault data can only be decrypted using a key derived from a user’s master password. Hashing this password through an insufficient number of iterations leaves secrets at risk to