[PS-2275] Update the default kdf iterations to 600k. (#2305)

* [PS-2275] Update the default kdf iterations to 350k. * update to 600k per latest owasp
2023-01-24 20:08:52 +00:00 · 2023-01-24 20:08:52 +00:00 · dbfd15b819
parent acd0cb119d
commit dbfd15b819
3 changed files with 6 additions and 7 deletions
--- a/src/App/Pages/Accounts/RegisterPageViewModel.cs
+++ b/src/App/Pages/Accounts/RegisterPageViewModel.cs
@ -176,8 +176,7 @@ namespace Bit.App.Pages
            Name = string.IsNullOrWhiteSpace(Name) ? null : Name;
            Email = Email.Trim().ToLower();
            var kdf = KdfType.PBKDF2_SHA256;
-            var kdfIterations = 100_000;
-            var key = await _cryptoService.MakeKeyAsync(MasterPassword, Email, kdf, kdfIterations);
+            var key = await _cryptoService.MakeKeyAsync(MasterPassword, Email, kdf, Constants.KdfIterations);
            var encKey = await _cryptoService.MakeEncKeyAsync(key);
            var hashedPassword = await _cryptoService.HashPasswordAsync(MasterPassword, key);
            var keys = await _cryptoService.MakeKeyPairAsync(encKey.Item1);
@ -189,7 +188,7 @@ namespace Bit.App.Pages
                MasterPasswordHint = Hint,
                Key = encKey.Item2.EncryptedString,
                Kdf = kdf,
-                KdfIterations = kdfIterations,
+                KdfIterations = Constants.KdfIterations,
                Keys = new KeysRequest
                {
                    PublicKey = keys.Item1,
--- a/src/App/Pages/Accounts/SetPasswordPageViewModel.cs
+++ b/src/App/Pages/Accounts/SetPasswordPageViewModel.cs
@ -164,9 +164,8 @@ namespace Bit.App.Pages
            }

            var kdf = KdfType.PBKDF2_SHA256;
-            var kdfIterations = 100000;
            var email = await _stateService.GetEmailAsync();
-            var key = await _cryptoService.MakeKeyAsync(MasterPassword, email, kdf, kdfIterations);
+            var key = await _cryptoService.MakeKeyAsync(MasterPassword, email, kdf, Constants.KdfIterations);
            var masterPasswordHash = await _cryptoService.HashPasswordAsync(MasterPassword, key, HashPurpose.ServerAuthorization);
            var localMasterPasswordHash = await _cryptoService.HashPasswordAsync(MasterPassword, key, HashPurpose.LocalAuthorization);

@ -188,7 +187,7 @@ namespace Bit.App.Pages
                Key = encKey.Item2.EncryptedString,
                MasterPasswordHint = Hint,
                Kdf = kdf,
-                KdfIterations = kdfIterations,
+                KdfIterations = Constants.KdfIterations,
                OrgIdentifier = OrgIdentifier,
                Keys = new KeysRequest
                {
@ -203,7 +202,7 @@ namespace Bit.App.Pages
                // Set Password and relevant information
                await _apiService.SetPasswordAsync(request);
                await _stateService.SetKdfTypeAsync(kdf);
-                await _stateService.SetKdfIterationsAsync(kdfIterations);
+                await _stateService.SetKdfIterationsAsync(Constants.KdfIterations);
                await _cryptoService.SetKeyAsync(key);
                await _cryptoService.SetKeyHashAsync(localMasterPasswordHash);
                await _cryptoService.SetEncKeyAsync(encKey.Item2.EncryptedString);
--- a/src/Core/Constants.cs
+++ b/src/Core/Constants.cs
@ -46,6 +46,7 @@
        public const int SaveFileRequestCode = 44;
        public const int TotpDefaultTimer = 30;
        public const int PasswordlessNotificationTimeoutInMinutes = 15;
+        public const int KdfIterations = 600000;
        public const int MasterPasswordMinimumChars = 8;

        public static readonly string[] AndroidAllClearCipherCacheKeys =