I use fewer number of iterations in KDF than recommended because Bitwarden is too slow with higher iterations. But with this, I always see the annoying warning “Low KDF Iterations” and can’t find a way to hide it. Please add an option to hide this warning, to not see it every time for users, that agreed with this.
Out of curiosity, on what type of device are you getting an unacceptable delay with 600k iterations of PBKDF2-SHA256?
And, albeit this is out of topic, but why don’t you just switch to Argon2?
I agree here, for the same brute-force resistance you get much lower unlock times on argon2. If default settings are too slow for you, try iterations=1, memory=64MiB, paralellism=1, and this will still be more brute-force resistant than PBKDF2, while unlocking faster.
Thank you for the explanation! Switched to Argon2 and the unlocking speed is even faster.
I would still be interested to know what kind of hardware/OS results in an unacceptable slowdown for 600k of PBKDF2.
Just a regular little old computer with the Intel Core I3 4130 CPU, and around 8 seconds of enjoying the “Logging in” spinner after each browser restart that is pretty annoying
I switched to Argon2 now, and there is no slowdown or speed-up detected, so seems it is just because of thousands of logins in my account.