RE: Increasing KDF Iterations…
Are there any inherent problems caused by increasing KDF iterations? That is, any risk of losing data, etc.? Have users experienced issues when making this change to an existing Bitwarden account?
I know the CYA answer is to always backup the data, which I would do, but I would like to be aware of any potential problems that might arise.
The main problem would be that you increase it so much that it takes too long to log in or unlock your vault on devices with lower computing power. In extreme situations, this could even cause you to get locked out of your vault (especially with Argon2id).
In addition, there have been rare reports of database corruption following a KDF change, causing the user to become locked out of their account.
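As an added illustration of the trade-off described in this reply (example code written for this page, not Bitwarden's code or the poster's), the script below times PBKDF2-HMAC-SHA256 at several iteration counts and shows why a mismatched count is a lockout problem rather than a data-loss problem: the same password with a different iteration count derives a different key. The e-mail-as-salt, 32-byte output and sample credentials are assumptions constructed for the demonstration; the iteration counts are sample values, not recommendations.

```python
import hashlib
import hmac
import time

# Constructed sample credentials for the demonstration; not a real account.
EMAIL = "user@example.com"
MASTER_PASSWORD = "correct horse battery staple"
KEY_LEN = 32  # 256-bit master key (assumed output length)


def derive_master_key(password: str, email: str, iterations: int) -> bytes:
    """PBKDF2-HMAC-SHA256, salted with the normalised account e-mail.

    Assumption: the salt choice and output length model a password-manager
    style KDF; they are not taken from the thread above.
    """
    return hashlib.pbkdf2_hmac(
        "sha256",
        password.encode("utf-8"),
        email.strip().lower().encode("utf-8"),
        iterations,
        dklen=KEY_LEN,
    )


def time_derivation(iterations: int) -> float:
    """Wall-clock seconds for one derivation at the given iteration count."""
    start = time.perf_counter()
    derive_master_key(MASTER_PASSWORD, EMAIL, iterations)
    return time.perf_counter() - start


def benchmark(counts) -> dict:
    """Map each iteration count to its derivation time on this machine.

    Run this on the slowest device you unlock from: the unlock delay grows
    roughly linearly with the count, so a value that feels fine on a desktop
    can be painful, or time out, on an older phone.
    """
    return {n: time_derivation(n) for n in counts}


def unlock_succeeds(stored_iterations: int, client_iterations: int) -> bool:
    """Unlock only works when the client uses the iteration count the account
    was set to. A different count derives a different key even with the right
    password, which is the lockout failure mode the thread is worried about.
    """
    expected = derive_master_key(MASTER_PASSWORD, EMAIL, stored_iterations)
    attempt = derive_master_key(MASTER_PASSWORD, EMAIL, client_iterations)
    return hmac.compare_digest(attempt, expected)


if __name__ == "__main__":
    for n, secs in benchmark([100_000, 300_000, 600_000]).items():
        print(f"{n:>9,d} iterations: {secs:6.3f} s")
    print("same count unlocks:      ", unlock_succeeds(600_000, 600_000))
    print("mismatched count unlocks:", unlock_succeeds(600_000, 100_000))
```

The benchmark numbers are only meaningful on the device that will actually perform the unlock; the key-mismatch check is deterministic and is the reason a KDF change is a setting you want to verify on every client before trusting it.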
I have been ignoring the “Low KDF Iterations” warning since it began appearing on vault unlock precisely due to the concerns raised in this thread. I have done so with some consternation because I am sensitive to the security recommendation inherent in the warning message. My concern is not having access to a backup. Of course I would take care to ensure that a current backup is in place. Similarly with a 2FA insurance policy. My concern is getting locked out of my premium subscription account due to some deep encryption/decryption hiccup over which I have zero control and for which I have zero recovery option(s).
This seems like a dilemma for which Bitwarden should provide some sort of “Pearl Harbor” recovery option.
FWIW, in the one case I remember that resulted in a corruption of the user’s master password hash (thereby locking them out of their account), I believe (if my memory serves me right) that Bitwarden was able to restore the account from their server backups. Furthermore, I believe that Bitwarden made some fixes to prevent this kind of thing from happening to others.
Thanks for the reassuring comments.
Speaking from personal experience, I would do a backup before I do anything on that page, i.e. password change / hint change / KDF change, and especially key rotation.
Theoretically, key rotation is the most dangerous because the vault has to be entirely re-encrypted, unlike the other operations, where only the encryption key has to be re-encrypted, unless you pick a KDF scheme that takes a long time to do. But I have had my vault corrupted because of a password change, not because of key rotation, and not because of KDF changes.