Switched to Argon2 - Do I Need to Re-encrypt?

Based on the recommendations that I have read, I just switched to Argon2id. Everything went fine. I was logged out on all my devices and I logged back in. I have two questions.
1 - I created a password-protected copy of my vault before I made the switch. Should I now create a new copy?
2 - Do I need to re-encrypt?

  1. Depending on when you made the export, it would have used a KDF consisting of either 100,000 or 600,000 iterations of PBKDF2-HMAC-SHA256. If the password used for the export was sufficiently strong (e.g., a randomly generated passphrase consisting of at least 4-5 words), then there should be no need to replace the backup. On the other hand, creating a new password-protected export wouldn’t hurt, and would further improve your security (assuming that you delete the old version of the export).

  2. If by “re-encrypt”, you mean rotating your account encryption key (which causes all of your vault contents to be re-encrypted using the new encryption key), then there is no need to do so after changing your KDF from PBKDF2 to Argon2id.

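Why point 2 of the answer above holds, as an added example that is not part of the original posts and not any product's own code: it assumes a two-tier key hierarchy in which the password-derived key only wraps a random account key, and that account key encrypts the vault items. The standard library's scrypt stands in for Argon2id, the cipher is a toy HMAC-based construction in place of a real AEAD, and all function names and sample values are hypothetical.

```python
import hashlib, hmac, os

def kdf_pbkdf2(password, salt, iterations=600_000):
    # Iteration count taken from the answer above.
    return hashlib.pbkdf2_hmac("sha256", password, salt, iterations, dklen=32)

def kdf_memory_hard(password, salt):
    # Assumption: stdlib scrypt stands in for Argon2id (not in the stdlib).
    return hashlib.scrypt(password, salt=salt, n=2**14, r=8, p=1,
                          maxmem=2**26, dklen=32)

def _subkeys(key):
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())

def _xor_stream(enc_key, nonce, data):
    # HMAC-SHA256 in counter mode as a keystream (illustration only).
    blocks = (len(data) + 31) // 32
    stream = b"".join(hmac.new(enc_key, nonce + i.to_bytes(4, "big"),
                               hashlib.sha256).digest() for i in range(blocks))
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(key, plaintext):
    # Toy encrypt-then-MAC; a real vault would use a vetted AEAD.
    enc_key, mac_key = _subkeys(key)
    nonce = os.urandom(16)
    body = nonce + _xor_stream(enc_key, nonce, plaintext)
    return body + hmac.new(mac_key, body, hashlib.sha256).digest()

def unseal(key, blob):
    enc_key, mac_key = _subkeys(key)
    body, tag = blob[:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, body, hashlib.sha256).digest()):
        raise ValueError("wrong key or modified data")
    return _xor_stream(enc_key, body[:16], body[16:])

def change_kdf(password, salt, wrapped_key):
    # Only the wrapped account key is touched; vault items are not.
    account_key = unseal(kdf_pbkdf2(password, salt), wrapped_key)
    return seal(kdf_memory_hard(password, salt), account_key)

def demo():
    password, salt = b"constructed sample passphrase", b"constructed-salt"
    account_key = os.urandom(32)
    vault_item = seal(account_key, b"constructed vault entry")
    wrapped = change_kdf(password, salt, seal(kdf_pbkdf2(password, salt), account_key))
    recovered = unseal(kdf_memory_hard(password, salt), wrapped)
    return recovered == account_key, unseal(recovered, vault_item), wrapped
```

The vault item sealed before the KDF change still opens afterwards because the account key itself never changed; only its wrapping did.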

Exactly what I needed to know. Thanks!
