PBKDF2 default iterations according to OWASP

In 2021, OWASP recommended to use 310,000 iterations for PBKDF2-HMAC-SHA256 and 120,000 for PBKDF2-HMAC-SHA512. (Password Storage - OWASP Cheat Sheet Series)

Please update the default settings

Bitwarden, and conversely Vaultwarden, uses PBKDF2 on both the client and server side,

with 100,000 iterations server side, along with a default but configurable 100,001 iterations on the client side, as further described below:

Vaultwarden packages up the standard web-vault along with some patches to make it work with their server. Vaultwarden also tries to match the upstream as much as possible where able, though you can make a request for this in the official Bitwarden forums.

Are there any implications, steps to follow, or recommendations on increasing the iterations? If set to 100,000, can we increase it to a recommended number?

The latest update seems to have 350000 iterations as standard. It may only be applied after changing your master password (without need to rotate key). You can change the value on the admin page and/or in a docker ENV value.

Is there a difference between the iterations under each vault account's settings vs. the iterations on the admin page? If you change one, does it change the other, or are they separate fields?

I would recommend taking a backup of your vault just in case, but as I understand it, really the only danger would come from some type of catastrophic failure should you also decide to rotate the account encryption key, as noted in Increasing KDF iterations - #10 by mgibson - Ask the Community - Bitwarden Community Forums.

It is apparently recommended to only increase in increments of 50,000 iterations to verify compatibility with clients.

Though if you have newer, more capable hardware this seems to be a non-issue, as I have mine set to slightly over 1.5 million iterations of PBKDF2 and had maybe only a noticeable 1-2 second additional delay in logging in to my vault. Unlock is unaffected.

The web-vault iteration count would be for your individual vault prior to being sent to the server; there are an additional 100,000 iterations by default performed on the server side, which is what you see and can configure on the admin side.
This may have its own flaws, as described in "Server-side hashing useless if the database is leaked" -- Security Consultant - Ask the Community - Bitwarden Community Forums, but it is being worked on and fixed by the official team upstream at Bitwarden.

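As an added illustration of the two-stage scheme the thread describes (a client-side PBKDF2 whose count is the per-account "KDF Iterations", followed by a second server-side PBKDF2 whose count is the admin-page / PASSWORD_ITERATIONS value), here is a constructed example that is not Vaultwarden's or Bitwarden's own code. The hash function, output length, salt choices and the one-round authentication step are assumptions; the iteration counts are the ones quoted in the thread. It also shows why changing either count invalidates the stored hash, which is why a new count only takes effect once the master password is re-entered and re-hashed.

```python
import hashlib
import hmac
import os
import time

# Assumptions for this illustration (not taken from the project):
HASH_NAME = "sha256"   # PBKDF2-HMAC-SHA256 on both sides
KEY_LEN = 32           # 256-bit outputs

def client_hash(password: str, email: str, client_iterations: int) -> bytes:
    """Client side: stretch the master password with the account's
    'KDF Iterations' (salted with the lower-cased email), then derive a
    separate one-round authentication hash keyed by the password.
    Only this authentication hash is ever sent to the server."""
    master_key = hashlib.pbkdf2_hmac(HASH_NAME, password.encode(),
                                     email.lower().encode(),
                                     client_iterations, KEY_LEN)
    return hashlib.pbkdf2_hmac(HASH_NAME, master_key, password.encode(),
                               1, KEY_LEN)

def server_store(client_sent: bytes, server_iterations: int,
                 salt: bytes = b"") -> tuple[bytes, bytes]:
    """Server side: do not store what the client sent; stretch it again
    with a per-user random salt and the server-side iteration count.
    Returns (salt, stored_hash) for the users table."""
    salt = salt or os.urandom(16)
    stored = hashlib.pbkdf2_hmac(HASH_NAME, client_sent, salt,
                                 server_iterations, KEY_LEN)
    return salt, stored

def server_verify(client_sent: bytes, salt: bytes, stored: bytes,
                  server_iterations: int) -> bool:
    """Recompute the server-side stretch and compare in constant time.
    Any mismatch in password, salt or either iteration count fails."""
    candidate = hashlib.pbkdf2_hmac(HASH_NAME, client_sent, salt,
                                    server_iterations, KEY_LEN)
    return hmac.compare_digest(candidate, stored)

def client_cost_seconds(client_iterations: int) -> float:
    """Wall-clock cost of the client-side stretch for a given count, to
    gauge the login delay discussed in the thread before raising it."""
    start = time.perf_counter()
    client_hash("correct horse battery staple", "user@example.com",
                client_iterations)
    return time.perf_counter() - start

if __name__ == "__main__":
    for n in (100_001, 350_000, 600_000):
        print(f"client-side PBKDF2 with {n:>7} iterations: "
              f"{client_cost_seconds(n):.3f}s")
```

Running the block prints the client-side stretch time for the 100,001, 350,000 and 600,000 counts mentioned in the thread on the current machine.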

Just as a note here: we have bumped the defaults at Vaultwarden to 600_000, currently on testing. The web-vault part still needs an update to have that as a default. But apart from being able to update it yourself via the web-vault, that should at least fix the main concern regarding the iterations.


Looking through the psql schema under the users table, there are 2 columns: password_iterations and client_kdf_iterations.

Changing my “KDF Iterations” in my Vault UI will change the value of client_kdf_iterations. Changing the env var PASSWORD_ITERATIONS does not change the password_iterations value in the DB, even after changing my master password, logging out and back in on all devices. Is this expected behavior? I believe the password_iterations field in the DB corresponds to the server side iteration.

Version 2022.12.0

Thank you

As mentioned in my previous post, you need the testing version of the container, not stable.
