Lastpass to bitwarden password#
Adding one more word to your passphrase increases the cost of guessing your password by factor 7776. If you are guarding valuable secrets or are someone of interest for state-level actors, you might want to consider a stronger password. This should be a security level sufficient for most regular users. I’ve done the calculations for guessing such passwords: approximately 200 years on a single graphics card or $1,500,000. Using a dictionary for 5 dice (7776 dictionary words) and picking out four random words, you get a password with slightly over 50 bits of entropy. For example, you could generate a random passphrase using the diceware approach. And the only real way to get there is generating your password randomly. This means that you need a strong master password. The default protection level of LastPass and Bitwarden is identical. Only the client-side iterations really matter as protection. This simple tweak removes all the protection granted by the server-side iterations and speeds up master password guessing considerably. Instead, for each guess they would derive an encryption key (100,000 PBKDF2 iterations) and check whether this one can decrypt the data. But the attackers wouldn’t waste time doing that of course.
Testing the guesses against the master password hash would be fairly slow: 200,001 PBKDF2 iterations here. PBKDF2 is meant to slow down verifying whether a guess is correct. And for that, they will have to guess the master password. So what happens if some malicious actor happens to get a copy of the data, like it happened with LastPass? They will need to decrypt it. This is pretty much the same flaw that I discovered in LastPass in 2018. If we look at how Bitwarden describes the process in their security whitepaper, there is an obvious flaw: the 100,000 PBKDF2 iterations on the server side are only applied to the master password hash, not to the encryption key. Bitwarden password hashing, key derivation, and encryption. So two different values are being derived from it: a master password hash, used to verify that the user is allowed to log in, and a key used to encrypt/decrypt the data. The Bitwarden server isn’t supposed to know this password. Like most password managers, Bitwarden uses a single master password to protect users’ data. How server-side iterations could have been designed.What this means for decrypting the data.And today OWASP changed their recommendation to 600,000 iterations, it has been adjusted to current hardware.Įdit (): I realized that some of my concerns were already voiced in Bitwarden’s 2018 Security Assessment.
Lastpass to bitwarden upgrade#
So far this change only applies to new accounts, and it is unclear whether they plan to upgrade existing accounts automatically. Still, the protection offered by Bitwarden isn’t exactly optimal either.Įdit (): Bitwarden increased the default client-side iterations to 350,000 a few days ago. LastPass also chose to downplay the breach instead of suggesting meaningful mitigation steps, something that Bitwarden hopefully wouldn’t do in this situation. LastPass also kept the iterations count for older accounts dangerously low, something that Bitwarden hopefully didn’t do either ( Edit: yes, they did this, some accounts have considerably lower iteration count). LastPass also failed to encrypt all data, a flaw that Bitwarden doesn’t seem to share. Mind you, LastPass isn’t only being criticized for using a default iterations count that is three time lower than the current OWASP recommendation. What remains are 100,000 iterations performed on the client side, essentially the same protection level as for LastPass. Except: as it turns out, the server-side iterations are designed in such a way that they don’t offer any security benefit. This being twice the default protection offered by LastPass, it doesn’t sound too bad. It cannot be decrypted even for weak master passwords.Īs to Bitwarden, the media mostly repeated their claim that the data is protected with 200,001 PBKDF2 iterations: 100,001 iterations on the client side and another 100,000 on the server. But the fact that this random value is required to decrypt the data means that the encrypted data on 1Password servers is almost useless to potential attackers. The secret key functionality decreases usability, requiring the secret key to be moved to each new device used with the account. But do these do a better job at protecting sensitive data?įor 1Password, this question could be answered fairly easily.
When people started looking for alternatives, two favorites emerged: 1Password and Bitwarden. In the aftermath of the LastPass breach it became increasingly clear that LastPass didn’t protect their users as well as they should have.
0 kommentar(er)
