On a sidenote, the Bitwarden 2023. Not sure if this is already on the @Quexten’s and Bitwarden devs’ list of things to do, but I think it would be very helpful to update the Interactive Cryptography Tool to include an implementation of the new Argon2 KDF Support (including the ability for users to test the settings for iterations, memory, and parallelism parameters). Instead of KDF iterations, there is a “Work Factor” which scales linearly with memory and compute. log file is updated only after a successful login. Bitwarden Community Forums Master pass stopped working after increasing KDF. But they don’t even store the kdf / iterations in the database, so changing it would require another database migration / backend change which I didn’t really feel like taking on considering how low the risk for a send is anyways. With the warning of ### WARNING. The user probably wouldn’t even notice. the threat actors got into the lastpass system by. Higher KDF iterations can help protect your master password from being brute forced by an attacker. By the way, Sends (which I don’t really use) also have 100K fixed pbkdf2. So I go to log in and it says my password is incorrect. Setting your KDF iterations too high could result in poor performance when logging into (and unlocking) Bitwarden on slower or older devices. I went into my web vault and changed it to 1 million (simply added 0). Unless there is a threat model under which this could actually be used to break any part of the security. This operation logs the user out of all accounts in any event so it should be relatively low friction to update the KDF iterations simultaneously. Now it works! Seems to be a bug between the BitWarden extension and a Vault that has 100000 KDF iterations.
The hash credential to login to Bitwarden servers is only 1 PBKDF2 iteration from the vault master key. Kyle managed to get the iOS build working now. Is there a way to find out how many KDF iterations are currently being used? The settings page defaults to 100,000 instead of the current value. For scrypt we could get by, by setting the work factor N (which influences both computation and memory) and store this in the KDF Iterations (although ideally a user could configure the other parameters too). So, I changed it by 100000 as suggested in the “Encryption key settings” warning. 2. Once you. I also appreciate the @mgibson and @grb discussion, above. Bitwarden uses AES-CBC 256-bit encryption for your Vault data, and PBKDF2 SHA-256 to derive your encryption key. If your keyHash value is from later than June 9, 2021, you will need to save a copy of the HTML code of this webpage. Exploring applying this as the minimum KDF to all users. They are exploring applying it to all current accounts. The slowness of the Argon2id algorithm can also be adjusted by increasing the number of iterations required, but Argon2id also provides for other adjustments that can make it. The client has to rely on the server to tell it the correct value, and as long as low settings like 5,000 iterations are supported this issue will remain.
Bitwarden Increases KDF iterations to 600k for new accounts and double-encrypts data at rest. If your passphrase has fewer than 6 words, then the password entropy and KDF work together to secure your vault. We recommend a value of 600,000 or more. The point of argon2 is to make low entropy master passwords hard to crack. Existing accounts can manually increase this. I would suggest getting in touch with tech support, in case there is anything they can do to diagnose or fix your problem. I don’t think this replaces an automatic migration or at least global notifications for iterations set below the default, but it is still a good suggestion. Provide a way for an admin to configure the number of minimum KDF iterations for users within an organization. The recent LastPass breach has put a lot of focus on the number of PBKDF2 hash iterations used to derive the decryption key for the password vault. Bitwarden's default KDF iterations is actually pretty low, it sits at 5,000 server-side iterations. Steps To Reproduce Set minimum KDF iteration count to 300. grb January 26, 2023.
What you did there has nothing to do with the client-side iteration, that is only for storing the password hash by Vaultwarden. Palant said this flaw meant that the security level of Bitwarden is identical to what LastPass had. Bitwarden has never crashed, none of the three main devices has ever slowed down when I started the Bitwarden Android app or web extension besides my other apps/programs. Then edit Line 481 of the HTML file — change the third argument. Argon2 Bitwarden defaults - 16. When you change the iteration count, you'll be logged out of all clients. One thing I would like an opinion on: the current PBKDF only needs an Iteration count, and sends this via the API / stores it. I can’t remember if I. Yes and it’s the bitwarden extension client that is failing here. Due to the recent news with LastPass I decided to update the KDF iterations. Can anybody maybe screenshot (if. There are many reasons errors can occur during login. LastPass got in some hot water for their default iterations setting bein… At our organization, we are set to use 100,000 KDF iterations. Vaultwarden works! More data, on the desktop I downgraded the extension for FF to 2022. I have created basic scrypt support for Bitwarden.
For scrypt there are audited, and fuzzed libraries such as noble-hashes. The feature will be opt-in, and should be available on the same page as the. I think the . Warning: Setting your KDF. Let them know that you plan to delete your account in the near future. Okay. 1Password also uses end-to-end AES-256 bit encryption to encrypt user data, but one thing that Bitwarden does better than 1Password is that the user can change the KDF iterations up to. I just found out that this affects Self-hosted Vaultwarden as well. 5. Click the Change KDF button and confirm with your master password. OK fine. 1 was failing on the desktop. High kdf iterations aren't necessary if your main password is actually strong, though if your phone struggles with 100k iterations it could be very old and you shouldn't be storing passwords on it. Anyways, always increase memory first, as recommended in the argon2 paper, and iterations only afterwards. wasn’t the whole point of logging me out of all my devices to force me to log back in using the new KDF iterations value? grb January 26, 2023, 3:43am 17. For algorithm, I choose PBKDF2 SHA-256 and set my iterations to 500,000.
If all of your devices can handle it (looking at you, Android), you could just bump up to 2,000,000 and be done second-guessing yourself. , BitwardenDecrypt), so there is nothing standing in the way of. One of the Hacker News commenters' suggestions which sounds reasonable is to upgrade the user to the current default KDF iterations upon a change of the master password. log file somewhere safe). (or even 1 round of SHA1). Also make sure this is done automatically through client/website for existing users (after they are logged in) to enforce that minimum. This is what I did: Changed the KDF iterations setting from the default 100,000 to the new default of 350,000. My understanding is that a strong master password should still be secure even with a low number of KDF iterations, but for a product like a password manager, the bar should probably be higher than that.
Thus, 50 + log2(5000) = 62. Another KDF that limits the amount of scalability through a large internal state is scrypt. This is equivalent to the effect of increasing your master password entropy by 2 bits, because log2(2000000/500000) = log2(4) = 2. My account was set to 100000 by default!! To change it log into your WebUI and go to Account > Security > Keys. More recently, Bitwarden users raised their voices asking the company to not make the same mistake. Change the **KDF iterations** to 600000 (Six Hundred Thousand) or higher! Keep in mind that this doesn't do you much good however if you have a weak master password. After changing that it logged me off everywhere. From this user's perspective, it takes too long for this one step when KDF iterations is set to 56. (and answer) is fairly old, but BitWarden. As for me I only use Bitwarden on my desktop. If you don’t have a locked vault on your device and you are logging in, then there is an unauthenticated prelogin which fetches the number of KDF iterations from the server, that part is true.
alfonsojon (Jonathan Alfonso) May 4, 2023, 2:46pm 1. Therefore, a. LastPass had (and still has) many issues, but one issue was allowing low iterations (1 or 500) on their KDF. More specifically Argon2id. Keep in mind having a strong master password and 2FA is still the most important security aspect than adding additional bits of. I increased KDF from 100k to 600k and then did another big jump. Onto the Tab for “Keys”. It's set to 100100. Iterations are chosen by the software developers.
Now I know my username/password for the BitWarden. Additional info from the team, does this sound like the issue: [Android] When account it set to maximum 2,000,000 PBKDF iterations cannot log on · Issue #2295 · bitwarden/mobile · GitHub I changed my KDF from 100k to 300k, so nowhere near that limit, and I am unable to login to the web vault. 4. Hi, for the same reason as in Scrypt KDF Support, I decided to add Argon2 support. Hi all, Attempting to update the KDF iteration number as suggested and saw it stated that “You will need to log back in and complete two-step login setup. Therefore, a rogue server could send a reply for. Currently, KDF iterations is set to 100,000. log file gets wiped (in fact, save a copy of the entire .
I’m writing this to warn against setting too large values. In src/db/models/user. Remember FF 2022. Setting your KDF iterations too high could result in poor performance when logging into (and unlocking) Bitwarden on devices with slower CPUs. Shorten8345 February 16, 2023, 7:50pm 24. Among other. 000 iter - 228,000 USD. (for a single 32 bit entropy password). ” From information found on KeePass that tell me iOS requires low settings.
Bitwarden currently has a default setting of 100,001 iterations client-side with an additional 100,000. The KDF iterations increase the cracking time linearly, so 2,000,000 will take four times as long to crack (on average) as 500,000. End of story. For which I also just created a PR #3163, which will update the server-side to at least 350_000 iterations instead of 100_000. That seems like old advice when retail computers and old phones couldn’t handle high KDF. 9,603. Based on the totality of the evidence available to date (as summarized above), my best guess is that the master password hash stored in the cloud database became corrupted when you changed the KDF iterations. On a PC or a high end cell phone, you can easily set the iterations well above 1,000,000 and only notice a 1-2 second delay. No performance issue once the vault is finally unlocked. Go to “Account settings”. A question: For purposes of risk/benefit analysis, how does the hashing/encryption process differ from what is done in the regular encrypted export? With the ambiguity in some of the Bitwarden staff responses, it is difficult to say at this time what is going on.
It doesn’t seem like the increased KDF iterations are the culprit, so the above appears to be the most likely possibility. A small summary of the current state of the pull requests: Desktop/Web: Mostly done, still needs QA testing for all platforms. Went to change my KDF. You should switch to Argon2. 0 release, Bitwarden increased the default number of KDF iterations for accounts using the PBKDF2 algorithm to 600,000, in accordance with updated OWASP guidelines. For those sticking with PBKDF2 for the KDF, you can use Bitwarden's interactive cryptography tool to test how your browser performs when you increase the number of KDF iterations. Do beware, Bitwarden puts a limit of 10 iteration rounds because in QA testing, it was unlimited, which led to a tester having a 30 minute unlock time (1k+ iterations at 1GiB memory). Let's look back at the LastPass data breach. none of that will help in the type of attack that led to the most recent lastpass breach. Great additional feature for encrypted exports. GitHub - quexten/clients at feature/argon2-kdf. anjhdtr January 14, 2023, 12:50am 14. In this case, we recommend to use a relatively low value for the Argon2 memory parameter (64 MB or less, depending on the app and the database size) and a relatively high number of iterations. Gotta. Set the KDF iterations box to 600000.
higher kdf iterations make it harder to brute force your password. Security expert Dmitry Chestnykh had mentioned this problem in 2020, yet it still remains unresolved. Our default is 100,000 iterations, the Min allows for higher performance at the user's discretion but the key length combined with the password still makes this. Bitwarden client applications (web, browser extension, desktop, and. Additionally, there are some other configurable factors for scrypt, which. Feature function Allows admins to configure their organizations to comply with change in recommendations over time (as hash compute capabilities increase, so does the need for increasing KDF iterations).
On the typescript-based platforms, argon2-browser with WASM is used. On the cli, argon2 bindings are. The number of default iterations used by Bitwarden was increased in February, 2023. How about just giving the user the option to pick which one they want to use. Code Contributions (Archived) pr-inprogress. Sometimes Bitwarden just locks up completely. According to comments posted by Quexten at Bitwarden's community forums, the company has a 5-week release cycle, so we could expect Argon2 support to be added next month on all platforms if the tests are successful. As to Bitwarden, the media mostly repeated their claim that the data is protected with 200,001 PBKDF2 iterations: 100,001 iterations on the client side and.
Do keep in mind Bitwarden still needs to do QA on the changes and they have a 5 week release cycle. the time required increases linearly with kdf iterations. Changing the env var PASSWORD_ITERATIONS does not change the password_iterations value in the DB. Search for keyHash and save the value somewhere, in case the . The PBKDF2 algorithm can (in principle) be made slower by requiring that the calculation be repeated (by specifying a large number of KDF “iterations”). Regarding brute force difficulty, kdf_iterations is currently hard-coded to 100,000, which is the same default for a Bitwarden account and Bitwarden Send.
All of this assumes that your KDF iterations setting is set to the default 100,000. Increasing KDF iterations will increase running time linearly. It has to be a power of 2, and thus I made the user configurable work factor a drop down selection. Under “Security”. In contrast, Dmitry Chestnykh wrote a well-researched piece in 2020 (with an update in January 2023) that describes exactly how a brute-force attack against a stolen Bitwarden vault would be possible using only 100,000 PBKDF2 iterations (or the KDF iteration value set by the user) per password guess, and even proposed an improved authentication. The higher the memory used by the algorithm, the more expensive it is for an attacker to crack your hash. Going to see if support can at least tell me when my password was last changed (to rule out a very implausible theory), and at the very least see if it’s possible for them to roll my vault back to my old password.
Currently, as far as I know, Bitwarden is the only password manager that offers the ability to directly import their password-protected . Also, check out this Help article on Low KDF Iterations: and the KDF Iteration FAQ:. Bitwarden is abiding by these new recommendations, and when you log into the Bitwarden web app you may see a message saying your KDF Iterations setting is too low. There's no "fewer iterations if the password is shorter" recommendation. In the thread that you linked, the issue was that OP was running third-party server software that is not a Bitwarden product, and attempting to use a Bitwarden client app to log in to their self-hosted server that was running incompatible software. Hit the Show Advanced Settings button. If your original password is 50 bits of entropy, each additional bit is (theoretically) twice as costly to crack.
For Bitwarden, you max out at 1024 MB; Iterations t: number of iterations over the memory. RogerDodger January 26.