02-15-2024 06:48 PM
I read:
"How passwords are stored is important. Back in 2012 Linkedin had a data breach in which they lost 6 million user passwords. The passwords were stored using SHA1. And they weren't salted. Lots of them were cracked within days (some of them could have been determined by simply looking up pre-computed SHA1 tables). If you go on Bitwarden's website you can read about how they salt and store passwords. They use Key Derivation Functions (KDFs). I think their default is PBKDF2. These algorithms introduce a time penalty that greatly slows down brute force attacks. As CPUs and GPUs get faster and cheaper, the settings on KDFs get adjusted and new KDFs are developed. Last year Bitwarden increased the default number of iterations on PBKDF2 to 600,000. If you have an older database you may want to check what your number of iterations is set to. I forget what the old number was but my database was created before the change. Instead of going through the process of updating the iterations on PBKDF2, I switched to the newer Argon2id KDF (which they added as an option last year and is more resistant to GPU attacks) and used their currently recommended settings."
I'd like to know which KDF Firefox uses to protect the Sync vault holding my encrypted passwords. Does anyone here know?