**⇄ Σ = Mᄃ² ⇆** @[email protected] · Jan 24, 2023, 08:50

**⇄ Σ = Mᄃ² ⇆** @[email protected] · Jan 24, 2023, 08:50

⇄ Σ = Mᄃ² ⇆ @[email protected]

Jan 24, 2023, 08:50

Bitwarden design flaw: Server side iterations

we look at how Bitwarden describes the process in their security whitepaper, there is an obvious flaw: the 100,000 PBKDF2 iterations on the server side are only applied to the master password hash, not to the encryption key. This is pretty much the same flaw that I discovered in LastPass in 2018

#CoSoSec

https://palant.info/2023/01/23/bitwarden-design-flaw-server-side-iterations/

**⇄ Σ = Mᄃ² ⇆** @[email protected] · Jan 24, 2023, 08:56

**⇄ Σ = Mᄃ² ⇆** @[email protected] · Jan 24, 2023, 08:56

Jan 24, 2023, 08:56

⇄ Σ = Mᄃ² ⇆ @[email protected]

Edit (2023-01-23): Bitwarden increased the default client-side iterations to 350,000 a few days ago. So far this change only applies to new accounts, and it is unclear whether they plan to upgrade existing accounts automatically.