Add Argon2 option to the interactive cryptography tool

Not sure if this is already on @Quexten’s and the Bitwarden devs’ list of things to do, but I think it would be very helpful to update the Interactive Cryptography Tool to include an implementation of the new Argon2 KDF Support (including the ability for users to test the settings for iterations, memory, and parallelism parameters).

Among other uses, this would provide users a tool to test the performance of the client-side hashing on their own device, before making changes in the actual account settings. We’ve seen a few instances on the forum of users running into problems when increasing the kdfIterations setting for the current PBKDF2 hashing function, and subsequently being unable to log in to their accounts. The cryptography tool could provide a testing ground for checking the browser responsiveness at various KDF cost settings, before committing to making such a change in the account settings.

I imagine that the cryptography page will eventually be updated, but I would recommend that this update be implemented a.s.a.p., because as soon as the new Argon2 KDF support is released, there are sure to be some users who will push all parameter settings to their maximum values (and then be surprised at getting logged out from all sessions, despite the prominent warning message). Some of these users may have trouble logging back in…

3 Likes

To be honest I had no idea this existed. Is there an open source repo for the cryptography tool?

In the meantime, to get a sense for the performance for the non-native (so not mobile, CLI) versions, you can always try Argon2 in browser since it uses the same WebAssembly library as the Bitwarden clients.

The defaults in Bitwarden are (from memory) Iterations: 3, Parallelism: 4, Memory: 128 MiB (131072 KiB), Argon2id.
The maximum values are: Iterations: 10, Parallelism: 16, Memory: 1 GiB (1048576 KiB).

1 Like

There’s this archived page, but I believe that Bitwarden made all Help Center resources closed-source last year, for some reason.

Hi @grb, the help center was moved to our content management system to allow us to scale publishing. We are still investigating if we can connect it to a GitHub repository.

1 Like

@grb I voted for this, but are there any other websites that we can use now for performance testing?

Yes, you can use this site (as suggested by Quexten above):

https://antelle.net/argon2-browser/

When I try the maximums that @Quexten mentioned on my newish Chromebook, I get a memory allocation error and it fails to complete. Will that scenario lock users out of their Web Vaults if it happens in Bitwarden?

It seems like we need a Test button built into the Keys tab in the Web Vault.

If it fails on the machine you are trying it on, no, it prevents you from changing it, or locking yourself out.

If you change the limits on a machine where it works (machine A), above the maximums of another machine (machine B), you cannot log in on machine B until you change it down again on A.

What’s the RAM on the Chromebook? Is it really that low, or is Chrome just artificially limited on Chromebooks?

It only has 4GB of RAM. I don’t know if it is somehow artificially limited.