From dbfd15b81945b299461f9283775232b891e05b2a Mon Sep 17 00:00:00 2001
From: aj-rosado <109146700+aj-rosado@users.noreply.github.com>
Date: Tue, 24 Jan 2023 20:08:52 +0000
Subject: [PATCH] [PS-2275] Update the default kdf iterations to 600k. (#2305)

* [PS-2275] Update the default kdf iterations to 350k.
* update to 600k per latest owasp
---
 src/App/Pages/Accounts/RegisterPageViewModel.cs | 5 ++---
 src/App/Pages/Accounts/SetPasswordPageViewModel.cs | 7 +++----
 src/Core/Constants.cs | 1 +
 3 files changed, 6 insertions(+), 7 deletions(-)

diff --git a/src/App/Pages/Accounts/RegisterPageViewModel.cs b/src/App/Pages/Accounts/RegisterPageViewModel.cs
index 8ab29023e..f03fc8abe 100644
--- a/src/App/Pages/Accounts/RegisterPageViewModel.cs
+++ b/src/App/Pages/Accounts/RegisterPageViewModel.cs
@@ -176,8 +176,7 @@ namespace Bit.App.Pages
 Name = string.IsNullOrWhiteSpace(Name) ? null : Name;
 Email = Email.Trim().ToLower();
 var kdf = KdfType.PBKDF2_SHA256;
- var kdfIterations = 100_000;
- var key = await _cryptoService.MakeKeyAsync(MasterPassword, Email, kdf, kdfIterations);
+ var key = await _cryptoService.MakeKeyAsync(MasterPassword, Email, kdf, Constants.KdfIterations);
 var encKey = await _cryptoService.MakeEncKeyAsync(key);
 var hashedPassword = await _cryptoService.HashPasswordAsync(MasterPassword, key);
 var keys = await _cryptoService.MakeKeyPairAsync(encKey.Item1);
@@ -189,7 +188,7 @@ namespace Bit.App.Pages
 MasterPasswordHint = Hint,
 Key = encKey.Item2.EncryptedString,
 Kdf = kdf,
- KdfIterations = kdfIterations,
+ KdfIterations = Constants.KdfIterations,
 Keys = new KeysRequest
 {
 PublicKey = keys.Item1,
diff --git a/src/App/Pages/Accounts/SetPasswordPageViewModel.cs b/src/App/Pages/Accounts/SetPasswordPageViewModel.cs
index 06f056a6b..70b73f0ad 100644
--- a/src/App/Pages/Accounts/SetPasswordPageViewModel.cs
+++ b/src/App/Pages/Accounts/SetPasswordPageViewModel.cs
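Review bot: The key derived on the new `MakeKeyAsync` line is salted with `Email` as normalized two lines above by `Email.Trim().ToLower()`, and `ToLower()` with no culture argument is culture-sensitive, so the same address can yield a different salt (and therefore a different master key) on a device whose current culture lowercases `I` to a dotless `ı`. The commit leaves that line alone, but since the new code now decides what the 600k iterations are spent on, `Email = Email.Trim().ToLowerInvariant();` is the safer normalization, provided the server and the other clients normalize the same way, which is not visible here. `Constants.KdfIterations` is also repeated in the request initializer in the second hunk while `kdf` stays a local; keeping the removed local as `var kdfIterations = Constants.KdfIterations;` next to `var kdf = KdfType.PBKDF2_SHA256;` would keep the two PBKDF2 parameters declared together and give one place for a comment noting the count is specific to `PBKDF2_SHA256`. The enclosing method starts and ends outside both hunks.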
@@ -164,9 +164,8 @@ namespace Bit.App.Pages
 }
 var kdf = KdfType.PBKDF2_SHA256;
- var kdfIterations = 100000;
 var email = await _stateService.GetEmailAsync();
- var key = await _cryptoService.MakeKeyAsync(MasterPassword, email, kdf, kdfIterations);
+ var key = await _cryptoService.MakeKeyAsync(MasterPassword, email, kdf, Constants.KdfIterations);
 var masterPasswordHash = await _cryptoService.HashPasswordAsync(MasterPassword, key, HashPurpose.ServerAuthorization);
 var localMasterPasswordHash = await _cryptoService.HashPasswordAsync(MasterPassword, key, HashPurpose.LocalAuthorization);
@@ -188,7 +187,7 @@ namespace Bit.App.Pages
 Key = encKey.Item2.EncryptedString,
 MasterPasswordHint = Hint,
 Kdf = kdf,
- KdfIterations = kdfIterations,
+ KdfIterations = Constants.KdfIterations,
 OrgIdentifier = OrgIdentifier,
 Keys = new KeysRequest
 {
@@ -203,7 +202,7 @@ namespace Bit.App.Pages
 // Set Password and relevant information
 await _apiService.SetPasswordAsync(request);
 await _stateService.SetKdfTypeAsync(kdf);
- await _stateService.SetKdfIterationsAsync(kdfIterations);
+ await _stateService.SetKdfIterationsAsync(Constants.KdfIterations);
 await _cryptoService.SetKeyAsync(key);
 await _cryptoService.SetKeyHashAsync(localMasterPasswordHash);
 await _cryptoService.SetEncKeyAsync(encKey.Item2.EncryptedString);
diff --git a/src/Core/Constants.cs b/src/Core/Constants.cs
index d16fe3db2..e48d32647 100644
--- a/src/Core/Constants.cs
+++ b/src/Core/Constants.cs
@@ -46,6 +46,7 @@ public const int SaveFileRequestCode = 44;
 public const int TotpDefaultTimer = 30;
 public const int PasswordlessNotificationTimeoutInMinutes = 15;
+ public const int KdfIterations = 600000;
 public const int MasterPasswordMinimumChars = 8;
 public static readonly string[] AndroidAllClearCipherCacheKeys =
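Review bot: `Constants.KdfIterations` is now spelled out three times in this method — the `MakeKeyAsync` call in this hunk, the `KdfIterations` request field in the second hunk, and `SetKdfIterationsAsync` in the third — while `kdf` stays a local, so the two values that must describe the same derivation are declared in different places. Keeping the removed local as `var kdfIterations = Constants.KdfIterations;` beside `var kdf = KdfType.PBKDF2_SHA256;` makes it evident that the key derived, the value sent to the server and the value persisted locally agree, and gives one place for a comment such as `// PBKDF2-SHA256 work factor; the constant applies to this KDF type only`. The commit message cites OWASP for 600k, but neither this method nor the added `KdfIterations` constant in Constants.cs records where the value comes from or that it is PBKDF2-specific; a doc comment on the constant would help the next maintainer who adds another KDF type. The method's body begins before the first hunk and continues past the third.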