Prevent brute-force attacks on the pin encrypted master key

…by introducing a sever stored key part. The whole idea is to let the sever check the 5 tries limit and deleting it’s part of the encryption key if all tries where used or a timeout (e.g. 1 day) is reached.

I’m currently not a bitwarden user, but investigating if I want to change. I came a lot of posts discussing the problem that a pin encrypted master key could be extracted on the client side and be brute forced (due to low entropy). Then an idea came to my mind: why not introduce a server side component? If this idea was already discussed somewhere where I didn’t find it - I’m sorry in advance.

Sorry for the quality - I had to put the two pictures together (as I’m not allowed to post more than one :confused: )
The icons symbolize where the the keys are stored (client or server).

Advantages:

  • brutforce the encrypted master key is not longer possible (without having control over the server)
  • the server will only provide is key-part if the client can prove it is knowing the pin
  • the server does not get any information about the master-key nor the pin

Disadvantages:

  • the server needs to be reachable for pin unlock (allow the user to turn this off if he is offline often)
  • more complex logic required

What do you thing about this idea?

1 Like