Increasing KDF interations

If I increase the PBKDF2 interaction count in the Bitwarden vault, does this cause my vault to be re-encrypted locally and then re-uploaded to the Bitwarden server?

TBC I’m a new user so I don’t know :laughing: but this question was asked 2 days ago (here) and the answer was
“your encrypted vault data are completely unaffected by a change to the KDF iterations”

I was suprised because I thought increasing the PBKDF2 iterations would give a new master key and therefore a new encryption key. :crazy_face:

Thanks. I’m not a developer or security expert, but from what I’ve now read, my understanding is that changing the PBKDF2 interaction count only serves to make it harder for a hacker to ‘reverse engineer’ your Master Password if they were somehow able to hack into Bitwarden’s servers. But I’d love to get that confirmed by a Bitwarden dev.

I haven’t looked at the code yet, but from knowing the algorithms involved:

  • If changing your iteration count triggers a re-encryption, then your encryption key is derived from your password
  • If it does not, that means that you have a cryptographically secure random key, which is wrapped using your password. (The key itself is encrypted with a second key, and that key is password-based.)

If you were in condition 1 (data encryption key comes from the password itself) but it didn’t trigger a re-encrypt, I would flag this as a possible security-affecting bug to investigate.

Condition 2 sounds more likely. That’s for sure the way HDD encryption works.

Their white paper hinted to me the encryption is from the master password but now you point it out condition 2 makes more sense.

1 Like

It is indeed condition 2.

Your master password is used to derive a master key, using the specified number of KDF iterations. This master key is then used to decrypt an encryption key, which is used to encrypt/decrypt everything in your vault.

There are several reasons why this wrapping method is preferred, the biggest one for Bitwarden right now is the fact that you can change your password without needing to update everything in your vault.

If you a looking to update the encryption of everything in your vault, for some reason, that can by done by selecting “Also rotate my account’s encryption key” on the change password screen. You should note that this might take a while and is a somewhat more dangerous operation due to potentially causing your vault items to be locked forever if something goes wrong during your key rotation (see the help docs)

Is rotating your encryption key safe provided you first log out of all other Bitwarden sessions (browser extension, mobile app etc) before doing the Master Password update and key rotation via the web vault?

Rotating the account encryption key should have no affect given that you log-out of all clients as you suggested.
The docs even specify that after rotation, the clients should immediately be logged out, though I would argue that being sure to sign out of all other clients before rotating the encryption key as you specified, would be the best practice to ensure no issues.

The only concern when rotating the account encryption key being specified here

Making changes in a session with a “stale” encryption key will cause data corruption that will make your data unrecoverable.

Should one fail to log out after changing the account encryption key, this could lead to data corruption if they tried to make changes to the vault data with the stale old account encryption key.

@mgibson Matt, I had been aware of the possibility of corruption if editing a vault item in an active session that has a stale encryption key, but your comment above suggests that there are other (and potentially more serious) failure modes. Just to help me envision the worst-case scenarios, would you mind providing one or more concrete examples where “something goes wrong during your key rotation”? Would this be limited to Bitwarden’s servers crashing in the middle of performing the re-encryption?

Rotating an encryption key involves re-encrypting and re-uploading every item you have stored (vault items, folders, some send data) and then storing the new encryption key. If this full process does not complete, you’re in hot water.

The most likely ways for an issue mid-rotation would be either network issues or closing the client in the middle of the operation. In principle a Bitwarden server crash would do it, as would a client crash, but network or forced application stoppage are more likely.

@mgibson Thanks for the additional information. For some reason, I assumed that the re-encryption happened server-side, but I guess it makes more sense that it all happens client-side. SO is the sequence as follows?

  1. New encryption key is generated in memory client side.
  2. Decrypted vault items in memory are encrypted with the new key client-side, and then transmitted to the server.
  3. When all is done, the encryption key is protected and sent to the server.
  4. Local vault is replaced by downloading the re-encrypted vault data from the server.

If the above is correct, corruption would occur if the process is terminated in Steps 2 or 3, is that correct?

If there is a temporary network outage during these steps, would the process resume when network connectivity resumes, or does the process abort?

Could this also affect Organization vaults? In other words, if a key rotation failed for any reason, then not only one’s own vault could be corrupted, but presumably items in Organisations of which one is a member?

Hi! I’ve create a premium account and finally delete forever LastPass app. I like Bitwarden.
First question: why can’t delete the default NEW FOLDER on my vault?
Second one: I’ve a idiot dubt; I change the interation to 310000. It’s correct or I must write 310.000 or 310,000

Thank you :wink:

Just 310000. I don’t have a New Folder reference. I do have a No Folder reference after I erased all the folders that ported over with LastPass.

1 Like

Thank you so much

How does Bitwarden manage this? I would have thought it would be done as an atomic transaction, so one gets either no change or all changes, and the database is always in a consistent state.

Yes, something like ACID properties for databases?

1 Like

The transaction would need to be within one REST method and I assume it has to be split over multiple methods so multiple database transactions.

Nope, key rotation rotates only the user’s secrets. Organization keys cannot be rotated at this time.

If corruption were to occur, it would impact a given user’s ability to decrypt organization vaults, but not the data contained within the organization itself – good question!

1 Like

If I remember correctly, steps 2 & 3 are reversed, but it’s much of a muchness.

As for a network outage, that would depend on the duration of the outage. If step of the process errors, we try to back it out, but the back out itself requires network access. If those fail as well, there isn’t much we can do.