Bitwarden password hashing, key derivation, and encryption. So two different values are being derived from it: a master password hash, used to verify that the user is allowed to log in, and a key used to encrypt/decrypt the data. The Bitwarden server isn’t supposed to know this password. Like most password managers, Bitwarden uses a single master password to protect users’ data. How server-side iterations could have been designed.What this means for decrypting the data.And today OWASP changed their recommendation to 600,000 iterations, it has been adjusted to current hardware.Įdit (): I realized that some of my concerns were already voiced in Bitwarden’s 2018 Security Assessment. So far this change only applies to new accounts, and it is unclear whether they plan to upgrade existing accounts automatically.
Still, the protection offered by Bitwarden isn’t exactly optimal either.Įdit (): Bitwarden increased the default client-side iterations to 350,000 a few days ago.
LastPass also chose to downplay the breach instead of suggesting meaningful mitigation steps, something that Bitwarden hopefully wouldn’t do in this situation. LastPass also kept the iterations count for older accounts dangerously low, something that Bitwarden hopefully didn’t do either ( Edit: yes, they did this, some accounts have considerably lower iteration count). LastPass also failed to encrypt all data, a flaw that Bitwarden doesn’t seem to share. Mind you, LastPass isn’t only being criticized for using a default iterations count that is three time lower than the current OWASP recommendation. What remains are 100,000 iterations performed on the client side, essentially the same protection level as for LastPass.
Except: as it turns out, the server-side iterations are designed in such a way that they don’t offer any security benefit. This being twice the default protection offered by LastPass, it doesn’t sound too bad. It cannot be decrypted even for weak master passwords.Īs to Bitwarden, the media mostly repeated their claim that the data is protected with 200,001 PBKDF2 iterations: 100,001 iterations on the client side and another 100,000 on the server. But the fact that this random value is required to decrypt the data means that the encrypted data on 1Password servers is almost useless to potential attackers. The secret key functionality decreases usability, requiring the secret key to be moved to each new device used with the account. But do these do a better job at protecting sensitive data?įor 1Password, this question could be answered fairly easily. When people started looking for alternatives, two favorites emerged: 1Password and Bitwarden.
In the aftermath of the LastPass breach it became increasingly clear that LastPass didn’t protect their users as well as they should have.
0 kommentar(er)
