The recent LastPass breach has put a lot of focus on the number of PBKDF2 hash iterations used to derive the decryption key for the password vault. LastPass got in some hot water for their default iterations setting being below the OWASP recommended setting for PBKDF2-HMAC-SHA256 of 310,000 at 100,100. However, what was more sharply criticized was the failure of LastPass to migrate older accounts to their new default, with many older accounts being left at 5,000 iterations and even reports of accounts with the iterations set to as low as 1.
Bitwarden currently has a default setting of 100,001 iterations client-side with an additional 100,000 server-side. However, I have recently read analyses from security researchers essentially claiming that the server-side hashing implementation would do nothing to protect against a password vault server breach similar to the recent LastPass attack. This means that as a defense against such an attack, there are only 100,001 iterations being used in practice. I will link the sources for this claim below with the note that I am not a security expert and am relying on the claims of those who are. If they are wrong, I would be happy to be corrected:
While I have seen feature requests to introduce Argon2 and to introduce a secret key a la 1Password, I imagine these suggestions would take quite a while to implement. A simpler short-term solution would be to simply increase the default number of PBKDF2 iterations for all accounts. While of course individual users can increase this setting manually in their account settings, in practice most users won’t do this, especially ones not familiar with good security practices who are most likely to have weak master passwords and need the increased PBKDF2 iterations most.
A Mastodon post from Bitwarden has indicated that they plan on raising the default number of iterations to 350,000, which is great! However, they give no indication on the timeline for this change and are vague about whether existing accounts will automatically be upgraded to the new, higher default. Having this update apply to all accounts in critical in my opinion. I would be interested to know if there is a method for doing this and if not, will there be some kind of communication prompting users to increase this setting manually?
While on the topic, it might be worth mentioning that the minimum allowed number of PBKDF2 iteration is 5,000, which is apparently quite low. I don’t see a great need to change this as long as the default number is high enough, especially since there might be some edge cases where older hardware can’t handle a higher number of iterations. However, a warning when a user tries to set the number of iterations below the default would probably be wise.
I’m a happy, long-time Bitwarden Premium customer though I just made this forum account today. If some kind of feature request should be opened reflecting what I’ve written here, please let me know! I did not see anything from the brief search I did.
Edit: A mod has moved this to feature requests