But security researcher Wladimir Palant has warned that, while this might sound impressive, the server-side iterations are ineffective. In this scenario, OWASP recommends using the PBKDF2 algorithm with random salts, SHA-256, and 600,000 iterations (a figure recently increased from the previous recommendation of 310,00 rounds).īitwarden said that its data is protected with 200,001 iterations – 100,001 iterations on the client side and a further 100,000 on the server side. The issue centers on the number of PBKDF2 hash iterations used to compute the decryption key for a user’s password vault. UPDATED Password vault vendor Bitwarden has responded to renewed criticism of the encryption scheme it uses to protect users’ secret encryption keys by enhancing the mechanism’s default security configuration. Password vault vendor accused of making a hash of encryption
0 Comments
Leave a Reply. |