Is there a way to find out how many KDF iterations are currently being used? The settings page defaults to 100,000 instead of the current value. I can’t remember if I selected 500,000 or 1,000,000 iterations.
On another note, what’s the most iterations someone has used with an iPhone 14 Pro? Curious how high you can go before someone notices things slowing down.
The KDF iterations increase the cracking time linearly, so 2,000,000 will take four times as long to crack (on average) as 500,000. This is equivalent to the effect of increasing your master password entropy by 2 bits, because log2(2000000/500000) = log2(4) = 2.
In contrast, increasing the length of your master password increases the cracking time exponentially. For example adding one more diceware word to a randomly generated passphrase will make the cracking time almost 8000 times longer (7776, to be exact, if using the EFF word list), which corresponds to approximately 13 bits of additional entropy.
If using a master password that is a random string of printable ASCII characters, then adding one more character to the password will increase the average cracking time by a factor of 95 (corresponding to around 7 bits).
Thus, increasing the number of KDF iterations does make it more challenging to crack your master password, but it is nowhere near as effective as increasing the length of your master password.
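The arithmetic in the reply above, carried through as an added example (this is not code from the original thread or from Bitwarden): it converts an iteration-count change and a passphrase-length change into equivalent entropy bits, estimates average cracking time from those figures, and times real PBKDF2-HMAC-SHA256 derivations to show the cost growing linearly with the iteration count. The guess rate, salt length and 32-byte output size are assumptions chosen for illustration.

```python
import hashlib
import math
import os
import time

# Parameters assumed for this example (not taken from the original post):
# PBKDF2-HMAC-SHA256 with a 16-byte salt and a single 32-byte output block,
# so one guess costs exactly `iterations` HMAC-SHA256 evaluations.
PRF = "sha256"
KEY_LEN = 32
SALT_LEN = 16

EFF_WORDLIST_SIZE = 7776   # EFF long word list: 6^5 words per diceware roll
PRINTABLE_ASCII = 95       # 0x20..0x7E


def iteration_bits(old_iters: int, new_iters: int) -> float:
    """Equivalent entropy (bits) gained by raising the KDF iteration count.

    Cracking cost scales linearly with iterations, so going from old_iters to
    new_iters is worth log2(new_iters / old_iters) bits, e.g. 500k -> 2M = 2 bits.
    """
    return math.log2(new_iters / old_iters)


def length_bits(extra_units: int, alphabet_size: int) -> float:
    """Entropy gained by appending extra_units uniformly random symbols
    (diceware words or printable characters) from an alphabet of alphabet_size."""
    return extra_units * math.log2(alphabet_size)


def average_crack_seconds(entropy_bits: float, iterations: int,
                          hmac_per_second: float) -> float:
    """Expected time to recover a uniformly random secret of entropy_bits bits.

    On average half the keyspace is searched, and each guess costs `iterations`
    HMAC-SHA256 evaluations (one PBKDF2 output block). hmac_per_second is the
    attacker's throughput, an assumed figure for the hardware being modelled.
    """
    expected_guesses = 2 ** entropy_bits / 2
    return expected_guesses * iterations / hmac_per_second


def time_pbkdf2(iterations: int,
                password: bytes = b"correct horse battery staple") -> float:
    """Wall-clock seconds for one PBKDF2-HMAC-SHA256 derivation at `iterations`.

    This is the same work the client does at login, so it is also the delay
    the user feels; doubling iterations should roughly double the result.
    """
    salt = os.urandom(SALT_LEN)
    start = time.perf_counter()
    hashlib.pbkdf2_hmac(PRF, password, salt, iterations, KEY_LEN)
    return time.perf_counter() - start


def timing_table(iteration_counts=(100_000, 200_000, 400_000)) -> dict:
    """Measure derivation time for several iteration counts."""
    return {n: time_pbkdf2(n) for n in iteration_counts}


if __name__ == "__main__":
    print(f"500k -> 2M iterations: +{iteration_bits(500_000, 2_000_000):.2f} bits")
    print(f"one extra diceware word: +{length_bits(1, EFF_WORDLIST_SIZE):.2f} bits")
    print(f"one extra ASCII character: +{length_bits(1, PRINTABLE_ASCII):.2f} bits")

    # Assumed attacker throughput: 1e9 HMAC-SHA256/s (illustrative, not measured).
    rate = 1e9
    for words in (4, 5):
        bits = length_bits(words, EFF_WORDLIST_SIZE)
        for iters in (500_000, 2_000_000):
            years = average_crack_seconds(bits, iters, rate) / (365 * 24 * 3600)
            print(f"{words} words, {iters:>9,} iters: ~{years:,.1f} years")

    for n, secs in timing_table().items():
        print(f"PBKDF2 {n:>9,} iterations: {secs * 1000:7.1f} ms")
```

The timing loop is the practical answer to "how high can you go": raise the count until the measured derivation time on the slowest device you log in from is at the edge of what you will tolerate, remembering that it is paid on every login, not just once.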
Regarding your question, I believe that is correct. According to the docs PBKDF2 is the hashing algorithm used on the master password to gain the encrypted vault data locally on your device, and the account’s encryption key for your vault data.
Once logged in, if you choose to only unlock, your vault data is stored encrypted locally on your device, which allows for an offline cache as well. Since this only needs to decrypt the data locally, I believe you would be right that unlock would not be affected by increased PBKDF iterations past the initial log in.
I may have misunderstood, but I don’t think this is accurate. When the vault is locked, the vault data are cleared from memory, and the decryption of the locally stored vault that happens when unlocking requires the account encryption key, which is itself encrypted in the form of a “PIN protected key”. The decryption of the PIN-protected key does require stretching of the PIN by PBKDF2-HMAC-SHA256 using the specified number of KDF iterations. Thus, the performance hit, if any, should occur both when logging in and when unlocking (as well as when setting the PIN).
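A minimal model of the login / lock / unlock flow described in the reply above, as an added example (not code from the thread, and not Bitwarden's implementation): the account key is wrapped under a PIN-derived key, the iteration count is stored in the clear inside that blob because it has to be read before any decryption, locking drops the account key from memory, and unlocking stretches the PIN again with PBKDF2-HMAC-SHA256 at the configured count. The wrapping construction (HMAC-SHA256 keystream XOR plus an HMAC tag) is a simplified stand-in for the AES-CBC + HMAC encryption a real client uses; the blob field names, salt and nonce sizes are assumptions for this example only.

```python
import hashlib
import hmac
import os
import secrets
import time

# Assumed parameters for this example (not from the original post).
PRF = "sha256"
SALT_LEN = 16
NONCE_LEN = 16


def stretch(secret: bytes, salt: bytes, iterations: int) -> tuple:
    """PBKDF2-HMAC-SHA256 over a PIN (or master password) at the account's
    configured iteration count. Returns (encryption key, MAC key)."""
    out = hashlib.pbkdf2_hmac(PRF, secret, salt, iterations, 64)
    return out[:32], out[32:]


def wrap_key(account_key: bytes, pin: bytes, iterations: int) -> dict:
    """Build a 'PIN protected key' blob: the 32-byte account key encrypted
    under a PIN-derived key (encrypt-then-MAC). The iteration count is kept
    in plaintext alongside the ciphertext, as the unlocking side needs it."""
    assert len(account_key) == 32, "one 32-byte block keeps the keystream XOR exact"
    salt = os.urandom(SALT_LEN)
    nonce = os.urandom(NONCE_LEN)
    k_enc, k_mac = stretch(pin, salt, iterations)
    keystream = hmac.new(k_enc, nonce, PRF).digest()          # 32 bytes
    ciphertext = bytes(a ^ b for a, b in zip(account_key, keystream))
    tag = hmac.new(k_mac, nonce + ciphertext, PRF).digest()
    return {"kdfIterations": iterations, "salt": salt, "nonce": nonce,
            "ct": ciphertext, "tag": tag}


def unwrap_key(blob: dict, pin: bytes) -> bytes:
    """Reverse wrap_key: stretch the PIN again (full PBKDF2 cost), verify the
    tag in constant time, then recover the account key. Raises on a wrong PIN."""
    k_enc, k_mac = stretch(pin, blob["salt"], blob["kdfIterations"])
    expected = hmac.new(k_mac, blob["nonce"] + blob["ct"], PRF).digest()
    if not hmac.compare_digest(expected, blob["tag"]):
        raise ValueError("wrong PIN or corrupted PIN-protected key")
    keystream = hmac.new(k_enc, blob["nonce"], PRF).digest()
    return bytes(a ^ b for a, b in zip(blob["ct"], keystream))


class Vault:
    """Minimal client model showing where the KDF cost is paid."""

    def __init__(self, iterations: int):
        self.iterations = iterations
        self.account_key = None        # held in memory only while unlocked
        self.pin_protected_key = None  # persisted on disk across lock/unlock
        self.login_seconds = None
        self.unlock_seconds = None

    def login(self, master_password: bytes, pin: bytes) -> None:
        """Login stretches the master password at the same iteration count.
        A real client would then decrypt the account key with that result;
        here a fresh account key is generated instead (assumption, for brevity)."""
        start = time.perf_counter()
        stretch(master_password, os.urandom(SALT_LEN), self.iterations)
        self.login_seconds = time.perf_counter() - start
        self.account_key = secrets.token_bytes(32)
        self.pin_protected_key = wrap_key(self.account_key, pin, self.iterations)

    def lock(self) -> None:
        """Locking clears the decrypted key; only the wrapped blob remains."""
        self.account_key = None

    def unlock(self, pin: bytes) -> bool:
        """Unlocking re-derives the PIN key, so it costs as much as login."""
        start = time.perf_counter()
        try:
            self.account_key = unwrap_key(self.pin_protected_key, pin)
        except ValueError:
            return False
        finally:
            self.unlock_seconds = time.perf_counter() - start
        return True


if __name__ == "__main__":
    for iters in (100_000, 600_000):
        v = Vault(iters)
        v.login(b"master password", b"1234")
        v.lock()
        assert not v.unlock(b"0000") and v.account_key is None
        assert v.unlock(b"1234")
        print(f"{iters:>8,} iterations: login {v.login_seconds * 1000:6.1f} ms, "
              f"unlock {v.unlock_seconds * 1000:6.1f} ms")
```

Running the block prints login and unlock times that track each other and grow with the iteration count, which is the point of the reply: the work factor is paid on every unlock, not only at the initial login.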
In addition to the work factor as already explained, I think there is a secondary benefit.
I think the iteration count will be stored in your vault but as plain text, i.e. unencrypted, because BW will need to read that before being able to do any decryption. In this case I suggest that in the event of a breach hackers will attack vaults with the lowest KDF iterations first, so having a high iteration count will make sure you're safe for longer.