New Update Bitwarden Password Manager added support for Argon2 KDF [Updated]

silversurfer

According to comments posted by Quexten at Bitwarden's community forums, the company has a 5-week release cycle, so we could expect Argon2 support to be added next month on all platforms if the tests are successful. The feature will be opt-in, and should be available on the same page as the password iteration settings in Bitwarden's web vault.
Bitwarden's implementation will use Argon2id. With PBKDF, users have just one parameter they can control: the number of iterations. Argon2 will offer more options: you will be able to set the number of iterations, the amount of memory to use (for example 64MB), and the parallelism, which lets you define the number of parallel threads to be used.


R2D2

Ok ladies/gents, Argon2 is live on BW as per the post on Reddit: Argon2 is live

Wait till the apps are updated before you change the KDF algorithm. Kudos to the BW team for rolling this out in such a short time span. Gives me more confidence in BW and their future.

On an aside, 1PW now defaults to 600K iterations for new accounts. Those with existing accounts have to change their passwords and generate a new secret key. You can use your current password or just change it to something new. 1PW now encourages users to shift to passkeys. I am holding back till any wrinkles are ironed out. More here at their blog: Goodbye, passwords

Gandalf_The_Grey

Great, thanks for posting (y)
I will repeat the warning message:
Hey all, please wait until all of the Bitwarden clients you are using are updated to 2023.2.0 before making any changes, if you've already done this and are locked out, you can revert settings in the web vault to restore access.
Another warning when changing encryption key settings:
EDIT: WARNING: Apparently, iOS autofill enforces a hard limit of 120 MiB memory for the entire application. If you use Bitwarden on iOS, please keep this limitation in mind.
 

silversurfer

How to enable Argon2 KDF in Bitwarden

1. Go to Bitwarden's web vault in your browser.
2. Sign in to your account.
3. Go to the Security section, and switch to the Keys tab.
4. Click on the drop-down menu below the KDF algorithm.

[Screenshot: How to enable Argon2 KDF in Bitwarden]

5. By default, it's set to use PBKDF2 SHA-256. Select Argon2id.
6. The page will display some additional options. The default values should be fine. Here they are for your reference: KDF Iterations 3, KDF Memory 64MB, and KDF Parallelism 4.
7. Click on the Change KDF button. You will be asked to enter your master password to save your changes.

[Screenshot: Switch to Argon2id KDF in Bitwarden Password Manager]

That's it, you have enabled Argon2 KDF encryption for your passwords.
 

Gandalf_The_Grey

Great guide (y)
But I want to repeat the warning:
Warning: We advise you not to enable Argon2 for your account right away, because older versions of the app do not support the encryption method. Wait until you have received the 2023.2 update on all your Bitwarden apps, i.e. the desktop program, the mobile app on your Android or iPhone, and the browser extensions for Firefox, Chrome, etc. Once you have verified that you have the new version on all your devices, you can switch to Argon2. If you have an old version of the app on one device, you won't be able to access your Bitwarden vault on that machine, until you revert the change via the web vault.
For me, the Edge browser extension and the Android app are not updated yet to the 2023.2 update.
When I look at the download page no app has version 2023.2 yet...
 

ForgottenSeer 98186

Argon 2d is a "feel good" feature. It adds little advantage over PBKDF SHA-256. Actually, Argon 2d is a problem for users that do not have sufficiently powerful devices. It also introduces side-channel attack potential. A cryptographically safe Bitwarden account password and high enough PBKDF iterations are more than sufficient.
 

CyberDevil

Guys, the KDF is very simple with only one parameter to configure, but what's the best way to configure Argon so that I don't get too much load on my devices with maximum security? Which parameter is more important for crypto resistance?
 

silversurfer

Guess it's too early to be sure but you can take a look there: How to Utilize Argon2 KDF Configuration to Secure Bitwarden- Things to Know
There are 6 configuration parameters with Argon2. Bitwarden allows you to configure 3, which are the iterations, the memory and parallelism.
  1. Message P: the password/message/input to be hashed; can be any length from 0 to 2^32
  2. Nonce (salt) S: random-generated salt. The recommendation is 16 bytes or 128 bits for password hashing.
  3. Degree of Parallelism p: determines how many independent (but synchronizing) computational chains can be run. It may take any integer value from 1 to 2^24; when you set this up in your parameters, you would want to 2x the number of cores your machine has. For instance, if it is a quad-core you are using, then you are looking at 4 cores * 2 = 8 threads. For Bitwarden, the max is 16.
  4. Memory size m: amount of memory (in kilobytes) to use. The higher the memory used by the algorithm, the more expensive it is for an attacker to crack your hash. For Bitwarden, you max out at 1024 MB.
  5. Iterations t: number of iterations over the memory. This allows you to increase the computational cost required to calculate one hash. For Bitwarden, the max is 10 iterations.
  6. outputKeyLength T: desired number of returned bytes
 

Gandalf_The_Grey

  • Use Argon2id with a minimum configuration of 19 MiB of memory, an iteration count of 2, and 1 degree of parallelism.
Argon2 is the winner of the 2015 Password Hashing Competition. There are three different versions of the algorithm, and the Argon2id variant should be used, as it provides a balanced approach to resisting both side-channel and GPU-based attacks.

Rather than a simple work factor like other algorithms, Argon2id has three different parameters that can be configured. Argon2id should use one of the following configuration settings as a base minimum which includes the minimum memory size (m), the minimum number of iterations (t) and the degree of parallelism (p).

  • m=47104 (46 MiB), t=1, p=1 (Do not use with Argon2i)
  • m=19456 (19 MiB), t=2, p=1 (Do not use with Argon2i)
  • m=12288 (12 MiB), t=3, p=1
  • m=9216 (9 MiB), t=4, p=1
  • m=7168 (7 MiB), t=5, p=1
These configuration settings are equivalent in the defense they provide. The only difference is a trade off between CPU and RAM usage.
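As an added example (my own code, not Bitwarden's and not from any poster), here is a small Python checker that encodes the numbers quoted in this thread: the Bitwarden maxima from silversurfer's parameter list, the 120 MiB iOS app limit from the warning above, the guide's defaults (3 iterations, 64MB, parallelism 4), and the OWASP baselines just above. Two assumptions are mine: the web vault's "MB" is treated as MiB (1024 KiB), and the m >= 8p KiB floor comes from RFC 9106 rather than from the thread; the memory-time product m*t is a rough cost measure I use to compare settings, not a figure anyone posted.

```python
# Added example (not Bitwarden's code): check an Argon2id setting against the limits quoted in this thread.
from dataclasses import dataclass

KIB_PER_MIB = 1024
BW_MAX_ITERATIONS = 10        # "the max is 10 iterations"
BW_MAX_MEMORY_MIB = 1024      # "you max out at 1024 MB" (assumed to mean MiB)
BW_MAX_PARALLELISM = 16       # "the max is 16"
IOS_APP_LIMIT_MIB = 120       # iOS autofill hard limit for the whole app
# OWASP baselines as (m in KiB, t, p); the cheat sheet calls them equivalent defenses
OWASP_MINIMA = [(47104, 1, 1), (19456, 2, 1), (12288, 3, 1), (9216, 4, 1), (7168, 5, 1)]

@dataclass(frozen=True)
class Argon2idSetting:
    iterations: int    # t: passes over the memory
    memory_mib: int    # the "KDF Memory" field, in MiB
    parallelism: int   # p: lanes (threads)

    def memory_kib(self) -> int:
        return self.memory_mib * KIB_PER_MIB

    def memory_time_cost(self) -> int:
        # Argon2 fills m KiB of blocks t times, so m*t is the work an attacker
        # must repeat for every guess; use it to compare two settings.
        return self.memory_kib() * self.iterations

def meets_owasp_minimum(s: Argon2idSetting) -> bool:
    # Strong enough if it matches or exceeds some baseline in every parameter.
    return any(s.memory_kib() >= m and s.iterations >= t and s.parallelism >= p
               for m, t, p in OWASP_MINIMA)

def check(s: Argon2idSetting, used_on_ios: bool = False) -> list:
    """Return a list of problems; an empty list means the setting is usable."""
    problems = []
    if not 1 <= s.iterations <= BW_MAX_ITERATIONS:
        problems.append(f"iterations must be 1..{BW_MAX_ITERATIONS}")
    if not 1 <= s.memory_mib <= BW_MAX_MEMORY_MIB:
        problems.append(f"memory must be 1..{BW_MAX_MEMORY_MIB} MiB")
    if not 1 <= s.parallelism <= BW_MAX_PARALLELISM:
        problems.append(f"parallelism must be 1..{BW_MAX_PARALLELISM}")
    if s.memory_kib() < 8 * s.parallelism:   # RFC 9106 requires m >= 8p KiB (assumption, not from thread)
        problems.append("memory too small for that many lanes")
    if used_on_ios and s.memory_mib >= IOS_APP_LIMIT_MIB:
        problems.append(f"memory >= {IOS_APP_LIMIT_MIB} MiB will exceed the iOS app limit")
    if not meets_owasp_minimum(s):
        problems.append("below every OWASP Argon2id baseline")
    return problems

if __name__ == "__main__":
    print(check(Argon2idSetting(3, 64, 4), used_on_ios=True))   # the guide's defaults
```

The defaults pass on every platform, while zkSnark's "maximum everything" choice (10 iterations, 1024 MiB, 16 lanes) is only flagged for iOS.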
 

zkSnark

I changed to Argon2id and set maximum numbers for iterations, memory and parallelism. Everything is working smoothly except a few seconds' delay while logging in/unlocking on the PC browser, but no change on my Android phone.
 
