PBKDF2 default iterations according to OWASP

In 2021, OWASP recommended to use 310,000 iterations for PBKDF2-HMAC-SHA256 and 120,000 for PBKDF2-HMAC-SHA512. (Password Storage - OWASP Cheat Sheet Series)

Please update the default settings


Bitwarden, and conversely Vaultwarden uses PBKDF2 on both the client and server side.

With 100,000 iterations server side, along with a default, but configurable, 100,001 iterations on the client side.
As further described below,

Vaultwarden packages up the standard web-vault along with some patches to make it work with their server. Vaultwarden also tries to match the upstream as much as possible where able, though you can make a request for this in the official Bitwarden forums.

Are there any implications, steps to follow, or recommendations on increasing the iterations? If set to 100,000, can we increase to a recommended number?

The latest update seems to have 350000 iterations as standard. It may only be applied after changing your master password (without need to rotate key). You can change the value on the admin page and/or in a docker ENV value.

Is there a difference Between the iterations under each vault account settings vs the iterations on the admin page? If you change one does it change the other or are they each separate fields?

I would recommend taking a backup of your vault just in case, but as I understand really the only danger would come from some type of catastrophic failure should you also decide to Rotate the account encryption key as noted Increasing KDF interations - #10 by mgibson - Password Manager - Bitwarden Community Forums

It is apparently recommended to only increase in increments of 50,000 iterations to verify compatibility with clients.

Though if you have newer, more capable hardware this seems to be a non-issue, as I have mine set to slightly over 1.5mil iterations of PBKDF2 and had maybe only a noticeable 1-2 second additional delay in logging in to my vault. Unlock is unaffected.

The web-vault iteration count would be for your individual vault prior to being sent to the server, there are an additional 100,000 iterations by default performed on the server side, which is what you see and can configure on the admin side.
This may have its own flaws as described in "Server-side hashing useless if the database is leaked" -- Security Consultant - Password Manager - Bitwarden Community Forums, but it is being worked on and fixed by the official team upstream at Bitwarden.


Just as a note here. We have bumped the defaults at Vaultwarden to 600_000 currently on testing. The web-vault part still needs an update to have that as a default. But apart from being able to update it yourself via the web-vault, that should at least fix the main concern regarding the iterations.


Looking through the psql schema under the users table, there are 2 columns: password_iterations and client_kdf_iterations.

Changing my “KDF Iterations” in my Vault UI will change the value of client_kdf_iterations. Changing the env var PASSWORD_ITERATIONS does not change the password_iterations value in the DB, even after changing my master password, logging out and back in on all devices. Is this expected behavior? I believe the password_iterations field in the DB corresponds to the server side iteration.

Version 2022.12.0

Thank you

As mentioned in my previous post, you need the testing version of the container, not stable.


Hi, I currently host Vaultwarden version 2022.12.0. Both the admin web server side and my Bitwarden clients all currently show a KDF iterations value of 100000. In order to increase to the new default number of iterations, what should be the order of operation - do I need to change the server side value to 600000 first? Or does the 100000 in the admin panel represent the additional iterations when stored on my server?

I also see that it is recommended to increase by 50000. Going from 100000, that means I should do this 10 times. How strong is the recommendation to increase by 50k? Has anyone jumped from 100000 to 600000?

Please excuse my haste! I just re-read your post. You have already provided the answer to my question stating that the additional 100,000 iterations on the server side is what we see on the admin side. So really, I just need to modify the KDF iterations from the web-vault. So far I’ve increased it by 50k and all my apps seem to work fine. Onwards!