Add the ability to make the number of iterations in the key derivation algorithm (PBKDF2) user configurable.
I’m a bit unsure if letting users vote on such important security features is a good idea. Those should always be higher up on the todo list than the “normal” feature requests.
And IF you want users to vote on these things, the feature should at least be explained in a way that normal users (= non-developers) understand the added security provided by this feature and thus the importance.
Well, it seems from the votes that lots of users understand the importance of this feature, but I agree this is vitally important, especially since the default amount used today is pretty low for modern standards.
Besides the increased security of having more iterations, is there added security to users having different numbers of iterations?
IOW, if an attacker knows everyone is using 5000 iterations, is it easier to coordinate an attack versus attacking a system in which users are using different numbers of iterations (with a minimum of 5000)?
Agree here, there should be a minimum number of iterations set. Sky being the limit.
This feature request “mirrors” the PIM feature on VeraCrypt’s encrypted vaults. The personal iteration manager (PIM) lets users specify the exact needed iteration count and an adversary would not know the count needed. It greatly increases/fortifies the strength of the vault firewall.
Preliminary support for this feature will be available in the next app releases. Once the updates have propagated throughout we will enable the ability to alter a setting from the web vault for 5,000 - 1,000,000 iterations.
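A sketch of a user-configurable PBKDF2 iteration count with the 5,000 to 1,000,000 bounds quoted above, added here as an example; it is not Bitwarden's code and not part of the thread. The record layout, the random 16-byte salt, the SHA-256 PRF and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import os
from typing import Optional

# Bounds taken from the range quoted in the thread (5,000 - 1,000,000).
MIN_ITERATIONS = 5_000
MAX_ITERATIONS = 1_000_000


def validate_iterations(iterations: int) -> int:
    """Reject out-of-range counts instead of silently clamping them."""
    if isinstance(iterations, bool) or not isinstance(iterations, int):
        raise TypeError("iteration count must be an integer")
    if not MIN_ITERATIONS <= iterations <= MAX_ITERATIONS:
        raise ValueError(
            f"iteration count must be between {MIN_ITERATIONS} and {MAX_ITERATIONS}")
    return iterations


def create_record(password: str, iterations: int, salt: Optional[bytes] = None) -> dict:
    """Derive a 32-byte key and return the parameters needed to re-derive it.
    Assumed layout: the iteration count is stored in the clear next to the salt."""
    iterations = validate_iterations(iterations)
    salt = os.urandom(16) if salt is None else salt
    key = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations, dklen=32)
    return {"kdf": "pbkdf2-sha256", "iterations": iterations, "salt": salt, "key": key}


def verify(password: str, record: dict) -> bool:
    """Re-derive with the stored parameters. The count is validated again so a
    tampered record cannot downgrade the work factor below the minimum."""
    iterations = validate_iterations(record["iterations"])
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                    record["salt"], iterations, dklen=len(record["key"]))
    return hmac.compare_digest(candidate, record["key"])  # constant-time comparison


def change_iterations(password: str, record: dict, new_iterations: int) -> dict:
    """Changing the setting means re-deriving from the password with a fresh salt."""
    if not verify(password, record):
        raise PermissionError("wrong password")
    return create_record(password, new_iterations)
```

Derivation cost grows linearly with the iteration count, so every login and unlock on the user's own devices pays the same multiplier an offline guesser does.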
Thanks, this should be a priority considering the purpose of Bitwarden.
When will this feature be deployed? Any estimation?
I am waiting for this to migrate from LastPass paid.