I have a school project where I have to design a password manager app, so I’m reading the Bitwarden white paper to get an idea of what’s going on, and I have a few questions.
First, Bitwarden uses AES-256 bit encryption, which means the IV length must be 128 bits and the key length must be 256 bits. However, the Symmetric Key is encrypted using the stretched master key, and its length is 512 bits, and the Organization Symmetric Key is encrypted using the public key generated from the RSA Key Pair, and it’s way longer than 256 bits. How is this possible?
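const { pbkdf2Sync, randomBytes, createCipheriv } = require('crypto');
const password = 'example-password', email = 'user@example.com'; // placeholder inputs
const masterKey = pbkdf2Sync(password, email, 100000, 32, 'sha256'); // 256-bit key, email as salt
const symmetricKey = randomBytes(64); // 512 bits
const iv = randomBytes(16); // 128 bits
const cipher = createCipheriv('aes-256-cbc', masterKey, iv);
// symmetricKey is a Buffer, so the input-encoding argument is unused
const protectedSymmetricKey = cipher.update(symmetricKey, undefined, 'hex') + cipher.final('hex');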
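
The following is an added example, not part of the original post and not Bitwarden's code. It shows that AES-256 fixes only the size of the encrypting key (256 bits) and the IV (128 bits), while the 512-bit symmetric key is simply the data being encrypted, and that RSA-OAEP treats the organization key as a payload in the same way. The function names, the HKDF info label `'stretch'`, the split of the stretched key into an AES half and an HMAC half, the MAC over IV plus ciphertext and the OAEP hash are assumptions made for illustration.

```javascript
const crypto = require('crypto');

// 256-bit master key from PBKDF2-SHA256 with the email as salt (as in the post).
function deriveMasterKey(password, email) {
  return crypto.pbkdf2Sync(password, email, 100000, 32, 'sha256');
}

// Assumption: HKDF-SHA256 stretches the master key to 512 bits, which are then
// used as two independent 256-bit keys (AES key and HMAC key).
function stretchMasterKey(masterKey) {
  const okm = Buffer.from(
    crypto.hkdfSync('sha256', masterKey, Buffer.alloc(0), 'stretch', 64));
  return { encKey: okm.subarray(0, 32), macKey: okm.subarray(32) };
}

// The 512-bit symmetric key is the plaintext here; only encKey must be 256 bits.
function wrapKey(symmetricKey, { encKey, macKey }) {
  const iv = crypto.randomBytes(16);
  const cipher = crypto.createCipheriv('aes-256-cbc', encKey, iv);
  const ct = Buffer.concat([cipher.update(symmetricKey), cipher.final()]);
  const mac = crypto.createHmac('sha256', macKey).update(iv).update(ct).digest();
  return { iv, ct, mac };
}

// Verify the MAC in constant time before decrypting.
function unwrapKey({ iv, ct, mac }, { encKey, macKey }) {
  const expected = crypto.createHmac('sha256', macKey).update(iv).update(ct).digest();
  if (mac.length !== expected.length || !crypto.timingSafeEqual(mac, expected)) {
    throw new Error('MAC mismatch');
  }
  const decipher = crypto.createDecipheriv('aes-256-cbc', encKey, iv);
  return Buffer.concat([decipher.update(ct), decipher.final()]);
}

// RSA-OAEP likewise encrypts the organization key as data under the public key.
function wrapWithRsa(orgKey, publicKey) {
  return crypto.publicEncrypt({ key: publicKey, oaepHash: 'sha256' }, orgKey);
}

// Constructed sample inputs, not real credentials.
const stretched = stretchMasterKey(deriveMasterKey('example-password', 'user@example.com'));
const symmetricKey = crypto.randomBytes(64);
const wrapped = wrapKey(symmetricKey, stretched);
console.log('key bytes:', stretched.encKey.length, 'ciphertext bytes:', wrapped.ct.length);
```

The 64-byte key becomes 80 bytes of CBC ciphertext because PKCS#7 padding adds one full block when the input is already a multiple of 16 bytes.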