Argon2id: is this too much for Android

I don’t really understand the security side of things. I have been reading a lot and watching videos, and I think my head is going to explode.

Watched a video and set up mine:

KDF Memory: 500
KDF Iterations: 6
KDF Parallelism: 8

These settings don’t seem to affect the Android devices. My laptop is a bit slower and my PC is just fine. I am surprised that my old Samsung tablet runs quicker than the laptop.

I think it’s slower on the laptop because the PC implementation runs on a single core, and the parallel speedup isn’t used, whereas the phone uses all 8 cores, and the PC just runs on sheer single-core speed.

Yours is already more than the default setup, so it’s already safer than safe, but as long as the “slowdown” doesn’t annoy you, it is fine.

It’s also good to know that the KDF is partly used to protect weak passwords. If you already have a strong password (say, a 10-word randomly generated passphrase; I don’t know where the cutoff is), increasing the parameters from the default isn’t buying you much, i.e. moving it from uncrackable to uncrackable.

1 Like

A 10-word passphrase is about 80 characters. Much longer than most are using. Entropy for a 10-word passphrase is about 130 bits, which is considered far more than is necessary even for weakly configured Argon settings. The consensus seems to be that a six-word passphrase using the Argon2id defaults will secure the vault for the next 100 years even against the most well-financed attackers.

3 Likes
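An added worked example (not part of any post in this thread) that puts numbers on the two points above: how many bits a randomly generated passphrase carries, and how little the raised KDF settings add compared with one more word. Assumptions: a 7776-word list, the "500" being MiB, a 64 MiB / 3 iteration baseline taken as Bitwarden's Argon2id default, and a constructed guess rate that is not a measurement.

```python
import math

WORDLIST_SIZE = 7776  # assumption: 7776-word list (5 dice rolls per word)

def passphrase_bits(words, wordlist_size=WORDLIST_SIZE):
    """Entropy of a passphrase whose words are drawn uniformly at random."""
    return words * math.log2(wordlist_size)

def argon2_work(memory_mib, iterations):
    """Relative cost of one guess: Argon2 passes over its memory once per
    iteration, so total work scales with memory x iterations. Parallelism
    spreads that work over lanes and does not add to it."""
    return memory_mib * iterations

def hardening_bits(tuned, baseline):
    """Extra bits of attacker effort the tuned settings add over baseline."""
    return math.log2(argon2_work(*tuned) / argon2_work(*baseline))

def expected_years(bits, guesses_per_second):
    """Average time to find the passphrase (half the keyspace searched)."""
    return 2 ** (bits - 1) / guesses_per_second / (365.25 * 24 * 3600)

BASELINE = (64, 3)   # assumption: default Argon2id memory (MiB), iterations
TUNED = (500, 6)     # settings from the first post, memory assumed to be MiB
ASSUMED_RATE = 1e4   # constructed: attacker guesses/second against BASELINE

if __name__ == "__main__":
    extra = hardening_bits(TUNED, BASELINE)
    per_word = passphrase_bits(1)
    print(f"tuned KDF adds {extra:.2f} bits = {extra / per_word:.2f} of one word")
    for n in (4, 6, 10):
        bits = passphrase_bits(n)
        print(f"{n:2d} words: {bits:6.1f} bits, "
              f"~{expected_years(bits, ASSUMED_RATE):.3g} years at baseline, "
              f"~{expected_years(bits + extra, ASSUMED_RATE):.3g} years tuned")
```

Under this cost model the raised settings are worth about 4 bits, roughly a third of one extra word, while each added word contributes about 12.9 bits.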

Thanks, I’m using a 4-word passphrase, as I thought 4 is a good standard strength?

1 Like

With those Argon settings, your passphrase (random) will be fine.

2 Likes

Four words in a randomly generated passphrase is perfectly fine for a Bitwarden Master Password for the vast majority of users. The exceptions would be if your vault assets are valued in excess of hundreds of millions of dollars, or if you are an Enemy of the State, or if you are concerned with someone stealing your vault data today, then warehousing the encrypted data for many decades and carrying out a brute force attack using future computing technology.

3 Likes

Thank you everyone 👍 I can now sleep better. The delay in opening Bitwarden is nothing to moan about; the longest is 15 seconds on the laptop from a cold boot, then about 8 seconds after that.

1 Like