Bitwarden, a renowned provider of password vault services, has recently upgraded its default security setup in response to fresh critiques regarding the encryption system it employs to safeguard users’ confidential encryption keys.
The issue centers on the number of PBKDF2 hash iterations used to derive the decryption key for a user’s password vault. OWASP recommends using PBKDF2 with random salts, SHA-256, and 600,000 iterations. This figure was recently raised from the earlier recommendation of 310,000 rounds.
Bitwarden has assured its users that their information is protected by a two-layer scheme involving 200,001 iterations – 100,001 on the client side and an additional 100,000 on the server side. However, cybersecurity expert Wladimir Palant cautions that the server-side iterations might not be as robust as they sound. More concerning, he points out that accounts that have been around for a while may have much weaker security parameters unless the users have manually increased the iteration count in their account settings.
On Monday (January 23), Palant published a detailed article about the issue. Responding to this article, a Bitwarden user pointed out that an account they began using in 2020 was running with just 5,000 iterations. They also mentioned that raising the count to 200,000 did not result in a significant slowdown.
The information stored in a password vault can only be decrypted with a key derived from the user’s master password. If this password is not run through enough iterations, it becomes vulnerable to brute-force attacks.
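The effect of the iteration count, as an added example that is not code from the article, Bitwarden or Palant: it derives a 32-byte key with PBKDF2-HMAC-SHA256 and a random salt, estimates the cost of one password guess at the iteration counts quoted above, and flags settings below the OWASP figure. The account labels and the password are constructed, and Bitwarden's actual salt choice and key layout are not reproduced here.

```python
import hashlib
import os
import time

OWASP_MIN_ITERATIONS = 600_000  # OWASP figure quoted in the article

# Constructed sample settings using iteration counts mentioned in the article.
SAMPLE_ACCOUNTS = {
    "account-from-2020": 5_000,
    "client-default": 100_001,
    "new-default": 600_000,
}

def derive_key(master_password: str, salt: bytes, iterations: int) -> bytes:
    """Derive a 32-byte key with PBKDF2-HMAC-SHA256."""
    return hashlib.pbkdf2_hmac(
        "sha256", master_password.encode("utf-8"), salt, iterations, dklen=32
    )

def seconds_per_guess(iterations: int, sample: int = 20_000) -> float:
    """Time a short derivation and scale it: PBKDF2 cost is linear in iterations."""
    salt = os.urandom(16)
    start = time.perf_counter()
    derive_key("benchmark-only", salt, sample)
    return (time.perf_counter() - start) * iterations / sample

def audit(accounts: dict) -> list:
    """List (label, iterations, factor) for settings below the OWASP minimum.

    factor is how many times more work each guess costs after raising the
    setting to the minimum. Weakest settings come first.
    """
    findings = [
        (label, n, round(OWASP_MIN_ITERATIONS / n, 1))
        for label, n in accounts.items()
        if n < OWASP_MIN_ITERATIONS
    ]
    return sorted(findings, key=lambda f: f[1])

if __name__ == "__main__":
    salt = os.urandom(16)  # random per-account salt (assumption for this demo)
    key = derive_key("constructed master password", salt, OWASP_MIN_ITERATIONS)
    print("derived key:", key.hex())
    for label, n in SAMPLE_ACCOUNTS.items():
        print(f"{label:18} {n:>7} iterations  ~{seconds_per_guess(n):.4f} s per guess")
    for label, n, factor in audit(SAMPLE_ACCOUNTS):
        print(f"BELOW MINIMUM: {label} ({n}); raising it makes each guess {factor}x costlier")
```

The per-guess time is measured on a single CPU core of the machine running the script, so it shows only the relative cost between settings.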
Revisiting the Aftermath of the LastPass Breach
The recent LastPass server breach highlighted the real-world consequences of failing to follow the industry-recommended number of hashing iterations. This became a pressing issue when a password vault server was compromised.
LastPass came under criticism for not adhering to the suggested number of iterations while hashing users’ encryption keys, managing only 100,000 at most. More alarmingly, it neglected to upgrade older accounts to this already below-par standard, leaving them with a mere 5,000 iterations.
The security breach at LastPass spurred Palant to examine the practices of other password manager vendors, during which he discovered flaws in Bitwarden’s approach.
A Blast from the Past
This week’s public disclosure of the problem prompted cryptographer Nadim Kobeissi to point out that he and his team had discovered and reported (PDF) the same issue half a decade ago.
The problem was downplayed in 2018, but its reappearance this week, following the LastPass security incident, has spurred Bitwarden into action.
The free password management platform has responded by raising its default client-side iterations to 350,000, a change that initially only affects new accounts. This number was later raised to 600,000 following updated advice from OWASP. It remains unclear whether existing accounts will be automatically upgraded.
A message Bitwarden posted on Mastodon left some in the community puzzled.
“Bitwarden has not provided any specific timeframe for this modification and it’s unclear if the existing accounts will be seamlessly transitioned to the upgraded, superior default,” a participant in Bitwarden’s community forum states.
According to a follow-up post on the same forum, Bitwarden is treating this criticism as a feature request.
When questioned by The Daily Swig, Bitwarden acknowledged that “defaults are on the rise”, further adding that users could earlier “modify and augment iterations whenever they wished”.
This story has been updated to correct the misattribution of comments about the behavior of older Bitwarden accounts. These observations came from a reader of Palant’s blog, rather than the security researcher himself, as incorrectly stated earlier.