Browser: Requests: key stretching: document PBKDF2 rounds + ability to control rounds by user-setting

Created on 21 Oct 2016 · 6 Comments · Source: bitwarden/browser

First, kudos to Kyle (main & original author) for this project.
A high-quality, nicely implemented open source password manager is very welcome news.
This project looks very promising for replacing the proprietary and less transparent incumbents given additional time and effort.

LastPass allows the user to change the default number of rounds in PBKDF2 (their default is 5000). Faster hardware has made an increased number of rounds a necessity over time.

  • The FAQ should include the default number of rounds used.
  • End users should be able to change this value (computation is done locally on the client anyway).
  • Should consider additional (user-selectable) open-source key-stretching schemes such as Argon2. See alternatives listed in Wikipedia.
enhancement

All 6 comments

Thanks for your comments @arielf .

  • I will plan on adding some information in the help articles in regard to PBKDF2 iterations (it is currently 5000 on the client + 10000 on the server).
  • This is definitely a good feature to add and I had plans to add it at some point. I will triage this issue to our "planned" status to keep it in the forefront.
  • This is also possible to add, but is likely much more difficult to do. PBKDF2 was chosen since it is a strong standard readily available on all platforms without having to introduce additional third party libraries. I aim to keep the exposure to crypto implementations to a minimum.
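The split described in this reply (PBKDF2 on the client, then again on the server) with a per-user client round count, as an added example that is not Bitwarden's code and not from this thread. The SHA-256 digest, the e-mail address as client salt, the 5000-round floor, the record layout and all function names are assumptions for illustration; it runs under Node.js.

```javascript
const { pbkdf2Sync, randomBytes, timingSafeEqual } = require('crypto');

const MIN_CLIENT_ROUNDS = 5000; // client default quoted in the thread, used here as a floor (assumption)
const SERVER_ROUNDS = 10000;    // server-side figure quoted in the thread

// Client: stretch the master password locally; the output depends on the round count.
function clientStretch(password, salt, rounds) {
  if (!Number.isInteger(rounds) || rounds < MIN_CLIENT_ROUNDS) {
    throw new RangeError(`rounds must be an integer >= ${MIN_CLIENT_ROUNDS}`);
  }
  return pbkdf2Sync(password, salt, rounds, 32, 'sha256');
}

// Server: stretch the client's key again and store the user's round count beside the hash.
function serverEnroll(clientKey, clientRounds) {
  const serverSalt = randomBytes(16);
  const hash = pbkdf2Sync(clientKey, serverSalt, SERVER_ROUNDS, 32, 'sha256');
  return { clientRounds, serverSalt, hash };
}

function serverVerify(record, clientKey) {
  const candidate = pbkdf2Sync(clientKey, record.serverSalt, SERVER_ROUNDS, 32, 'sha256');
  return timingSafeEqual(candidate, record.hash);
}

// Login: the client must first learn its own round count from the stored record.
function login(record, password, salt) {
  return serverVerify(record, clientStretch(password, salt, record.clientRounds));
}

// Changing rounds: re-authenticate, re-derive locally, replace the stored record.
function changeRounds(record, password, salt, newRounds) {
  if (!login(record, password, salt)) throw new Error('re-authentication failed');
  return serverEnroll(clientStretch(password, salt, newRounds), newRounds);
}

function demo() {
  // Constructed sample account, not real data.
  const salt = 'user@example.com', password = 'correct horse battery staple';
  let record = serverEnroll(clientStretch(password, salt, 5000), 5000);
  const before = login(record, password, salt);
  record = changeRounds(record, password, salt, 100000);
  // A client still using the old count derives a different key and is rejected.
  const staleKeyAccepted = serverVerify(record, clientStretch(password, salt, 5000));
  return { before, after: login(record, password, salt), staleKeyAccepted, rounds: record.clientRounds };
}

console.log(demo());
```

Because the derived key changes with the round count, the count has to be stored per account and returned to the client before it can authenticate.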

:+1: Any news on this?
This will be a really great feature to add; it will also increase overall security.

Still planned, not started yet.

When will it be started? :D

Any updates on this?

We are moving away from tracking Bitwarden feature requests like this one as GitHub issues. We have created a Bitwarden Community Forum which has a section for submitting, voting for, and discussing product feature requests. Please sign up on our forums if you want to continue contributing to feature requests.

Since this was a popular feature request we have already re-created it on the forums and linked back to this GitHub issue for reference.

https://community.bitwarden.com/t/user-configurable-key-derivation-iterations/16

This issue will now be closed.
