Are you suggesting they go backwards to 128 or implying they don't even have a 128-bit key? I am upvoting you because I think this warrants more discussion, and maybe I am wrong, but I think you are wrong - Bitwarden has a 256-bit security key. The top of page 7 describes the key size:

When the Create Account form is submitted, Bitwarden uses Password-Based Key Derivation Function 2 (PBKDF2) with 100,000 iteration rounds to stretch the user's Master Password with a salt of the user's email address. The resulting salted value is the 256 bit Master Key. Master Key is additionally stretched to 512 bits in length using HMAC-based Extract-and-Expand Key Derivation Function (HKDF). Keys are never stored on or transmitted to Bitwarden servers.

A side note: One of the major issues with the LastPass breach is that we are finding that they didn't iterate their PBKDF2 enough (in some cases 1 time for super old customers). That means if you had a trivially easy password and they only iterated it once (they were using a 128-bit key) it could be trivial for GPU cracking to crack the password.

I don't believe I'm wrong but we're talking about different things. I'll go into more detail for others because it sounds like you already know some of this.

What I mean is that Bitwarden's inputs are only the password and email. If you tell me your password is "a" and email is I can compute your master key and can compute your stretched master key. It's the same thing if you don't tell me but you use a weak password. I can attempt to guess the inputs (password and email) and see if I get the same 512 bit output. The keystretching is just there to slow down an attacker's guesses. It penalizes guesses because each guess has to go through the keystretching process. But I know that the input is a password and that people are usually terrible at thinking up passwords because they have to remember them. And emails are easily leaked from other sources.

If you give me that same info in 1Password, I cannot login to your account. I also need a ~128 bit randomly generated key per account that was generated by your local client and never uploaded to 1Password. That randomly generated key is part of the onboarding process. It's also part of the login process (cached on the client). A login to 1Password requires both parts - the part you input (password) and the part they generated locally (secret key). When you set up a new device in 1Password, you have to enter that ~128 bit secret key again. 1Password added this randomly generated secret key because it protects against database leaks. You only need to do it at setup time because it's cached on the client. If an attacker has a leaked 1Password database, they know every account involves an input with at least 128 bits of entropy. It protects against people choosing poor passwords in the event of a database leak.

If you have a weak password in Bitwarden, people can attempt to brute force the keystretching to see if they get the same output. That's exactly what people can do with the leaked LastPass database. The attackers were helped because apparently LastPass also had a history of poor keystretching which makes the guessing process quicker.
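To make the derivation chain the thread is arguing about concrete, here is an added example in Python. It is not Bitwarden's or 1Password's code and not from either commenter. It implements the PBKDF2-then-HKDF chain quoted from the Bitwarden whitepaper (password plus email in, 256-bit master key, 512-bit stretched key out), and beside it a simplified two-secret variant in which a client-generated 128-bit secret key is mixed into the password-derived key. The email normalisation, the HKDF info labels, the XOR mixing step and all function names are assumptions for illustration, not the vendors' actual parameters.

```python
import hashlib
import hmac
import secrets

# Added example, not Bitwarden's or 1Password's code. It mirrors the chain the
# whitepaper quote above describes: PBKDF2 over the master password, salted with
# the email address, then HKDF to stretch the 256-bit master key to 512 bits.


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """RFC 5869 HKDF-Expand with HMAC-SHA256 (the PRK is used as-is, no extract step)."""
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def derive_bitwarden_style(password: str, email: str, iterations: int = 100_000) -> dict:
    """Inputs are only (password, email): anyone who can guess both can recompute
    these keys, and the iteration count is the only thing slowing each guess down."""
    salt = email.strip().lower().encode()  # assumption: normalised email as the salt
    master_key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations, dklen=32)
    # Stretch the 256-bit master key to 512 bits; the "enc"/"mac" info labels are
    # an assumption for illustration.
    stretched = hkdf_expand(master_key, b"enc", 32) + hkdf_expand(master_key, b"mac", 32)
    return {"master_key": master_key, "stretched_master_key": stretched}


def generate_secret_key() -> bytes:
    """Client-side 128-bit random secret; in the 1Password model it never leaves the device."""
    return secrets.token_bytes(16)


def derive_two_secret_style(password: str, email: str, secret_key: bytes,
                            iterations: int = 100_000) -> bytes:
    """Simplified two-secret derivation (illustrative, not 1Password's exact scheme):
    the password-derived key is XORed with a key expanded from the random secret key,
    so the result carries at least 128 bits of entropy even when the password is weak."""
    if len(secret_key) != 16:
        raise ValueError("secret key must be 128 bits")
    password_part = derive_bitwarden_style(password, email, iterations)["master_key"]
    secret_part = hkdf_expand(secret_key, email.strip().lower().encode(), 32)
    return bytes(a ^ b for a, b in zip(password_part, secret_part))


def login_matches(candidate: bytes, stored_verifier: bytes) -> bool:
    """Constant-time comparison of a freshly derived key against a stored verifier."""
    return hmac.compare_digest(candidate, stored_verifier)


if __name__ == "__main__":
    # Constructed sample inputs: a deliberately weak password and a throwaway email.
    keys = derive_bitwarden_style("a", "User@Example.com")
    print("master key       :", keys["master_key"].hex())
    print("stretched key    :", keys["stretched_master_key"].hex())
    sk = generate_secret_key()
    print("two-secret key   :", derive_two_secret_style("a", "User@Example.com", sk).hex())
```

With the first scheme, the stored verifier depends only on the password and the email, so a weak password plus a leaked email is enough to recompute it offline at the cost of one PBKDF2 run per guess; that is why the iteration count matters so much in the LastPass case. With the second scheme, the same password and email produce a different key for every secret key, so a leaked verifier alone does not narrow the search below 128 bits.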