Hi,
I first sent this to Bitwarden support, but they advised me to post it in the forum, so I am doing just that.
I think a lot of you have seen the LastPass breach and the latest podcast on TWiT with Steven from GRC.COM, and the current hashing method has aged.
Please read the text below.
I was a LastPass user until a week ago.
I had a “strong” master password with iterations at 100100 but moved over to Bitwarden; it was advised by GRC.COM via TWiT on YouTube.
I viewed a video just now and became aware of the capabilities of GPU rigs against hashing algorithms. PBKDF2 has aged, and it was advised to leave it and go to Argon2 or scrypt, because that would need a 60 Mbyte data area in memory with randomly connected pointers, and GPUs cannot do that because it cannot be threaded. So my request is to implement this in Bitwarden to make it safe against GPU cracking.
It was also stated that a passphrase is nice but a randomly generated 64 bit byte chunk is better, but no one can remember that. I am not a high-profile person; I changed the passwords of the most important sites that I have, and the most important ones all have MFA. What advice can Bitwarden give in this area? To what length do I need to go to make a super super super safe master password and also be able to remember it? The password that I now have is challenging enough for me, but GRC said it’s better to use 64 bytes, fully random, store it somewhere, and copy and paste it in to unlock the safe.
If you see the capabilities of bitcoin mining rigs, and they are used to brute force the safe, then nothing is safe except leaving the hashing algorithm and using a modern one like the two mentioned.
I think Bitwarden is getting more of these requests; it was advised to send a request like this to Bitwarden to upgrade the hashing method.
I think I am safe because all the important fields in the vault are encrypted with Bitwarden, unlike what LastPass did.
I learned just now that for some old accounts the iterations in LastPass were set to 1, unbelievable. I set mine in Bitwarden to 1234567 iterations to stay ahead of the moving train called GPU hacking.
The bad actors are going for the accounts with iterations set to 1 and the high-profile persons first. I use it for convenience; all my passwords are generated and should be safe as long as the vault stays safe. I learned that LastPass is getting sued because of the malpractice and the people who are being victimized by this hack.
Regards,
Ronald.
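
Added example (not part of the original post, and not Bitwarden's or LastPass's code): a comparison of the per-guess cost of PBKDF2 at the iteration counts mentioned in the post with scrypt configured for roughly the memory footprint the post describes. The password, salt and scrypt parameters (N=2^16, r=8, p=1) are assumptions chosen for illustration.

```python
import hashlib
import time

# Constructed sample inputs (not real credentials).
PASSWORD = b"correct horse battery staple"
SALT = b"user@example.com"  # assumption: illustrative salt only


def scrypt_memory_bytes(n: int, r: int) -> int:
    """Approximate working memory scrypt needs per guess: 128 * r * N bytes."""
    return 128 * r * n


def derive_pbkdf2(password: bytes, salt: bytes, iterations: int) -> bytes:
    """PBKDF2-HMAC-SHA256: cost is CPU time only, tuned by the iteration count."""
    return hashlib.pbkdf2_hmac("sha256", password, salt, iterations, dklen=32)


def derive_scrypt(password: bytes, salt: bytes,
                  n: int = 2**16, r: int = 8, p: int = 1) -> bytes:
    """scrypt: every guess must also fill and randomly re-read a large buffer."""
    need = scrypt_memory_bytes(n, r)
    # maxmem must exceed the working set, or OpenSSL rejects the parameters.
    return hashlib.scrypt(password, salt=salt, n=n, r=r, p=p,
                          maxmem=2 * need, dklen=32)


def timed(fn, *args):
    """Return (result, elapsed seconds) for one key derivation."""
    start = time.perf_counter()
    out = fn(*args)
    return out, time.perf_counter() - start


if __name__ == "__main__":
    # Iteration counts taken from the post: 1, 100100 and 1234567.
    for iters in (1, 100_100, 1_234_567):
        _, secs = timed(derive_pbkdf2, PASSWORD, SALT, iters)
        print(f"PBKDF2 {iters:>9} iterations: {secs:.3f}s, negligible memory")
    _, secs = timed(derive_scrypt, PASSWORD, SALT)
    mib = scrypt_memory_bytes(2**16, 8) / 2**20
    print(f"scrypt N=2^16 r=8 p=1: {secs:.3f}s, ~{mib:.0f} MiB per guess")
```

Raising the PBKDF2 iteration count scales the time per guess linearly but leaves memory per guess near zero, while the scrypt parameters above force about 64 MiB of working memory for every guess.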