Good morning, is there any way to force the use of Argon2id for all new accounts created in a Vaultwarden instance?
Reviewing this page and the documentation, I have seen that a user tried to do it by modifying the code, and that it can be modified from the web interface once the account is created, but I would like to know if there is any environment variable that can be configured in Docker, or a value that can be modified in the administration page (/admin), to use Argon2id instead of PBKDF2.
Thanks!
As far as I know this is set initially by the client, so you’d have to build your own web-vault and change (at least) the DEFAULT_KDF_TYPE to KdfType.Argon2id.
Since the default comes from the client there is no simple way to force this in Vaultwarden. (So no, there is no configuration option you can set to change it and there most likely won’t ever be one, at least not until Bitwarden changes this default.)
Update: you probably need to override the DEFAULT_KDF_CONFIG too.
ok, thank you @stefan0xC