Bitwarden design flaw: Server side iterations

Discussion in 'other security issues & news' started by summerheat, Jan 23, 2023.

  1. summerheat

    summerheat Registered Member

    Joined:
    May 16, 2015
    Posts:
    2,199
    https://palant.info/2023/01/23/bitwarden-design-flaw-server-side-iterations/

     
    Last edited: Jan 23, 2023
  2. DjKilla

    DjKilla Registered Member

    Joined:
    Oct 4, 2021
    Posts:
    207
    Location:
    Tampa, FL
They should up their iterations. One of the first things I did when creating my Bitwarden account was change the iterations for PBKDF2 to 1,000,000. Not only one million iterations but also made my password very long with a combination of upper/lower case letters, numbers and symbols, plus rotated my account encryption key. I recommend everyone does this or at the very least, makes a longer password and changes their iterations in the security tab.
     
  3. Azure Phoenix

    Azure Phoenix Registered Member

    Joined:
    Nov 22, 2014
    Posts:
    1,556
    Would changing the iteration help much in this case?

     
  4. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    8,623
    Location:
    USA
    LastPass used to claim that too.
     
  5. summerheat

    summerheat Registered Member

    Joined:
    May 16, 2015
    Posts:
    2,199
    Uh, that's a lot! Doesn't that slow down things too much? (I'm not using Bitwarden but KeePassXC which doesn't use PBKDF2 but Argon2.)
    A better approach is actually the diceware approach as mentioned by Palant. The math is simple: The ASCII character set has about 80 characters, the standard diceware word list has 7776 words. This corresponds approximately to 80² (actually a bit more). This means a diceware passphrase with 7 words has about 7776⁷ ~= (80²)⁷ = 80¹⁴ combinations. In other words, a diceware passphrase with 7 words is about as strong as a password with 14 random ASCII characters - but much easier to remember :)

    And if you add just one or two numbers or symbols or use a bigger diceware word list, the passphrase becomes even stronger.
     
    Last edited: Jan 23, 2023
  6. summerheat

    summerheat Registered Member

    Joined:
    May 16, 2015
    Posts:
    2,199
    Well, but LastPass has no secret key like 1Password. I don't know if 1Password encrypts all metadata, though. LastPass obviously doesn't.
     
  7. reasonablePrivacy

    reasonablePrivacy Registered Member

    Joined:
    Oct 7, 2017
    Posts:
    2,001
    Location:
    Member state of European Union
    I don't have to remember my random Bitwarden password. KeePass does this for me
     
  8. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    8,623
    Location:
    USA
    I expect they are all hyped up beyond their actual capability.
     
  9. DjKilla

    DjKilla Registered Member

    Joined:
    Oct 4, 2021
    Posts:
    207
    Location:
    Tampa, FL
    Changing the iterations definitely helps. But what the article was stating is that if Bitwarden's server was compromised, then the hacker could set the iterations on the client side to the lowest, overriding what they previously had. I know this sounds scary and it is, but I'm sure Bitwarden's servers are well protected and after the LastPass incident, they and everyone else in the password manager business are probably looking over and refortifying that protection. Bitwarden's code is open source unlike LastPass so I'm sure there will be an audit again as well to make sure it remains a solid choice for a password manager.
     
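The downgrade described in the post above, as an added illustrative example that is not Bitwarden's code and simplifies the real protocol. The assumed model: before login the client asks the server for the account's KDF parameters, derives a master key with PBKDF2-HMAC-SHA256 using the e-mail as salt, and sends a hash of that key as its credential. The server classes, the 100,000 floor, the e-mail address and the candidate passwords are all constructed for the example.

```python
"""Why a server-chosen PBKDF2 iteration count matters: a client that trusts the
server's number can be told to use 1 iteration, after which the credential it
sends is cheap to crack offline. A client that enforces a floor and refuses
downgrades is not affected. Added example, not Bitwarden's code."""
import hashlib
from typing import Optional

CLIENT_FLOOR = 100_000   # assumed: lowest iteration count a hardened client accepts


def derive_master_key(password: str, email: str, iterations: int) -> bytes:
    """PBKDF2-HMAC-SHA256 over the master password, salted with the e-mail."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), email.lower().encode(),
                               iterations, dklen=32)


def auth_hash(master_key: bytes) -> bytes:
    """Simplified login credential: a hash of the derived key, not the key itself."""
    return hashlib.sha256(b"auth" + master_key).digest()


class HonestServer:
    def __init__(self, email: str, iterations: int):
        self.email = email
        self.iterations = iterations   # the value the user configured

    def prelogin(self, email: str) -> dict:
        return {"kdf": "pbkdf2", "iterations": self.iterations}


class CompromisedServer(HonestServer):
    """Same API, but whoever controls it tells every client to use 1 iteration."""
    def prelogin(self, email: str) -> dict:
        return {"kdf": "pbkdf2", "iterations": 1}


def naive_login(server, email: str, password: str):
    """Uses whatever count the server returns. Returns (iterations, credential)."""
    n = server.prelogin(email)["iterations"]
    return n, auth_hash(derive_master_key(password, email, n))


def hardened_login(server, email: str, password: str, last_known: Optional[int] = None):
    """Rejects counts below a fixed floor, and below the last value this client saw
    for the account, so the server cannot silently weaken the KDF."""
    n = server.prelogin(email)["iterations"]
    if n < CLIENT_FLOOR:
        raise ValueError(f"server asked for {n} iterations, client floor is {CLIENT_FLOOR}")
    if last_known is not None and n < last_known:
        raise ValueError(f"server downgraded iterations from {last_known} to {n}")
    return n, auth_hash(derive_master_key(password, email, n))


def downgrade_rejected(server, email: str, password: str, last_known: Optional[int] = None) -> bool:
    """True if the hardened client refuses to log in against this server."""
    try:
        hardened_login(server, email, password, last_known)
        return False
    except ValueError:
        return True


def offline_guess(credential: bytes, email: str, iterations: int, candidates):
    """Attacker holding a captured credential tries candidate passwords offline.
    Returns (recovered password or None, total PBKDF2 iterations spent)."""
    work = 0
    for guess in candidates:
        work += iterations
        if auth_hash(derive_master_key(guess, email, iterations)) == credential:
            return guess, work
    return None, work


if __name__ == "__main__":
    email, password = "user@example.com", "correct horse battery staple"   # constructed
    wordlist = ["password", "letmein", password]                            # constructed
    n, cred = naive_login(CompromisedServer(email, 600_000), email, password)
    print("naive client used", n, "iteration(s); offline guess:",
          offline_guess(cred, email, n, wordlist))
    print("hardened client refused downgraded server:",
          downgrade_rejected(CompromisedServer(email, 600_000), email, password))
    print("hardened client against honest server used",
          hardened_login(HonestServer(email, 600_000), email, password, 600_000)[0], "iterations")
```

The point of the floor is that the iteration count is the one KDF input the user does not supply at login time, so the client has to carry its own opinion of what is acceptable rather than taking the server's word for it. Pinning the last-known value additionally catches a server that lowers the count to something still above the floor.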
  10. DjKilla

    DjKilla Registered Member

    Joined:
    Oct 4, 2021
    Posts:
    207
    Location:
    Tampa, FL
    Yes, larger iteration counts could slow everything down but not as bad as you might think. On a modern phone or a fairly modern computer, the slowdown would be unnoticeable. On a device that's more than a few years old, it might add a 1-2 second delay. So really not a big deal. The higher iterations, like 2 million plus which is overkill, would add that few second delay. That's why I set mine to 1,000,000 which is a good solid point.

    You are correct on the passphrase. A good long password will overcome low iterations to a point. A long password could take a modern computer/GPU a very long time (Years) to break which is why the password/passphrase is so critical. Adding the iterations makes it almost impossible since that password is then rehashed over and over. Kinda like the layers of an onion.
     
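The entropy arithmetic from summerheat's diceware post and the iterations-versus-password-strength trade-off from the post above, carried through in one added example that is not from the original thread. It uses the thread's own numbers (an 80-symbol character set, a 7776-word diceware list) and shows the one relationship the posts leave implicit: every doubling of the PBKDF2 iteration count costs the attacker exactly one extra bit, so iterations and passphrase length are interchangeable currencies. The attacker hash rate passed to `years_to_exhaust` is a placeholder argument, not a measurement, and the local benchmark only reports what this machine does.

```python
"""Passphrase entropy versus PBKDF2 iterations. Added example; the symbol and
word counts are the thread's, the attacker throughput is an assumed input."""
import hashlib
import math
import time

CHARSET = 80            # thread's estimate for printable ASCII
DICEWARE_WORDS = 7776   # standard diceware list


def entropy_bits(symbols: int, length: int) -> float:
    """Bits of entropy in `length` uniformly random picks from `symbols` choices."""
    return length * math.log2(symbols)


def equivalent_ascii_length(words: int, wordlist: int = DICEWARE_WORDS,
                            charset: int = CHARSET) -> float:
    """Random-character length with the same entropy as a `words`-word passphrase."""
    return entropy_bits(wordlist, words) / math.log2(charset)


def effective_bits(password_bits: float, iterations: int) -> float:
    """Work factor seen by a brute-forcer: password entropy plus log2(iterations),
    since each guess costs `iterations` PBKDF2 rounds."""
    return password_bits + math.log2(iterations)


def iterations_for_parity(weak_bits: float, strong_bits: float, strong_iterations: int) -> int:
    """Iteration count that makes a weaker password as costly to crack as a
    stronger one protected by `strong_iterations`."""
    return math.ceil(strong_iterations * 2 ** (strong_bits - weak_bits))


def years_to_exhaust(password_bits: float, iterations: int,
                     attacker_pbkdf2_rounds_per_second: float) -> float:
    """Years to try every password at the given (assumed) attacker throughput."""
    seconds = 2 ** password_bits * iterations / attacker_pbkdf2_rounds_per_second
    return seconds / (365.25 * 86400)


def local_unlock_seconds(iterations: int) -> float:
    """How long one PBKDF2-HMAC-SHA256 derivation takes on this machine, i.e. the
    extra delay a user pays per vault unlock at that iteration count."""
    start = time.perf_counter()
    hashlib.pbkdf2_hmac("sha256", b"master password", b"user@example.com", iterations, 32)
    return time.perf_counter() - start


if __name__ == "__main__":
    seven_words = entropy_bits(DICEWARE_WORDS, 7)
    print(f"7 diceware words: {seven_words:.1f} bits, "
          f"about {equivalent_ascii_length(7):.1f} random ASCII characters")
    for n in (100_000, 600_000, 1_000_000, 2_000_000):
        print(f"{n:>9} iterations adds {math.log2(n):.1f} bits; "
              f"local unlock {local_unlock_seconds(n):.2f}s")
    # a 5-word passphrase at 1M iterations vs a 7-word one at 100k
    print("5 words @ 1M  ->", round(effective_bits(entropy_bits(DICEWARE_WORDS, 5), 1_000_000), 1), "bits")
    print("7 words @ 100k ->", round(effective_bits(entropy_bits(DICEWARE_WORDS, 7), 100_000), 1), "bits")
    print("iterations needed for 4 words to match 7 words at 100k:",
          iterations_for_parity(entropy_bits(DICEWARE_WORDS, 4), seven_words, 100_000))
    # assumed attacker rate, purely a placeholder for the arithmetic
    print("years to exhaust 7 words @ 600k at 1e12 rounds/s:",
          f"{years_to_exhaust(seven_words, 600_000, 1e12):.3g}")
```

Two things fall out of the numbers. Raising iterations from 100,000 to 1,000,000 buys a little over three bits, roughly a quarter of one diceware word, so the passphrase dominates the attacker's cost by a wide margin; and the `iterations_for_parity` figure for a short passphrase is astronomically large, which is the quantitative form of "a good long password will overcome low iterations to a point". The benchmark function is what you would run to check the "1-2 second delay" claim for your own hardware rather than guess.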
  11. Azure Phoenix

    Azure Phoenix Registered Member

    Joined:
    Nov 22, 2014
    Posts:
    1,556
    thank you
     
  12. Azure Phoenix

    Azure Phoenix Registered Member

    Joined:
    Nov 22, 2014
    Posts:
    1,556
  13. plat

    plat Registered Member

    Joined:
    Dec 19, 2018
    Posts:
    2,233
    Location:
    Brooklyn, NY
    It may surprise some to learn that Tavis Ormandy's article was posted here like almost 1 1/2 years ago. In that post, you may also be surprised that he used to recommend LastPass. :)

    https://www.wilderssecurity.com/thr...uilt-in-password-manager.430518/#post-3031667

    Now I don't know what to think anymore since it's becoming a hack-epidemic. Guess just keep status quo for now.
     
  14. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    8,623
    Location:
    USA
    There was a time when I would have also. I believe it slowly deteriorated with the change of ownership. And the tripling of the price.
     
  15. Azure Phoenix

    Azure Phoenix Registered Member

    Joined:
    Nov 22, 2014
    Posts:
    1,556
    So far, in my opinion, all of these recent issues/vulnerabilities point to a simple conclusion. Have a strong master password.
     
  16. plat

    plat Registered Member

    Joined:
    Dec 19, 2018
    Posts:
    2,233
    Location:
    Brooklyn, NY
    Really? Wow. But LastPass was not hacked just once but at least twice? Never mind the cost--that alone would have sent me directly to another provider. Possibly BitWarden, maybe someone else.

    It's getting to be a gamble now. And the paid alternatives don't guarantee you absolute safety anymore. Prob. never did.

    Edit: yes, @Azure Phoenix. I'm debating, not to get a Password Manager, but a Password Generator, and keep any of those offline. It's an extra step and something to consider.
     
  17. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    8,623
    Location:
    USA
    KeePass is a popular offline option and StickyPassword has the option to be offline as well as sync on LAN or internet.
     
  18. plat

    plat Registered Member

    Joined:
    Dec 19, 2018
    Posts:
    2,233
    Location:
    Brooklyn, NY
    Thanks very much for the tip, xxJackxx. I went ahead and looked at 1Password's generator and thought about copying enough random ones with numbers and symbols, then changing a few characters on notepad and then storing that offline on my external HDD.

    It's a little bit of extra work but I'm starting to get perturbed with all these incidents. Two of my passwords were pwned recently (PayPal and AT&T Mobile) and it's starting to get on my nerves. This seems a reasonable if not particularly fast solution.

    If anyone is interested:

    https://1password.com/password-generator/
     
  19. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    4,063
    Location:
    Canada
  20. ProTruckDriver

    ProTruckDriver Registered Member

    Joined:
    Sep 18, 2008
    Posts:
    1,444
    Location:
    "An Apple a Day, Keeps Microsoft Away"
    Yeah, I have to agree with you on the Strong Master Password.:thumb:
     
  21. JRViejo

    JRViejo Super Moderator

    Joined:
    Jul 9, 2008
    Posts:
    97,410
    Location:
    U.S.A.
  22. plat

    plat Registered Member

    Joined:
    Dec 19, 2018
    Posts:
    2,233
    Location:
    Brooklyn, NY
    Took a look at this and drat! Had already generated some passwords with 1Password and sent them off to Notepad. Bookmarked this page, however, because it looks like the right ticket if you don't want a Password Manager. What's done already can always be undone.

    Many thanks! :thumb:
     
  23. JRViejo

    JRViejo Super Moderator

    Joined:
    Jul 9, 2008
    Posts:
    97,410
    Location:
    U.S.A.
    plat, you're welcome! Take care.
     
  24. Azure Phoenix

    Azure Phoenix Registered Member

    Joined:
    Nov 22, 2014
    Posts:
    1,556
    Response from a dev

    https://reddit.com/r/Bitwarden/comments/10jj6fk/_/j5mjqbx/?context=1
     
  25. reasonablePrivacy

    reasonablePrivacy Registered Member

    Joined:
    Oct 7, 2017
    Posts:
    2,001
    Location:
    Member state of European Union
    +1
    I have my Bitwarden password generated and stored in KeePass on my laptop.
    On my smartphone I have Bitwarden always logged in, so I don't need to type it in more than once until a factory reset or phone change. Phone lock screen + Bitwarden PIN (local credential) are protecting the stored secrets from thieves.
    I don't store my most valuable passwords in Bitwarden. Not because I don't trust Bitwarden's encryption (an attacker on the server can't do anything). It is more about being forced/compelled to give up the PIN, or thieves having some kind of 0-day against the lock screen, and it's probably a bit of overkill.
     