[PS-2351] Increase Secure Note max length to 50,000 to match LastPass. #2625
Conversation
|
|
LastPass uses 45,000. Since buffers inflate slightly when encrypted, a max length of 50,000 should be safe. See https://community.bitwarden.com/t/support-longer-notes-breaks-lastpass-import/2970
STRML
force-pushed
the
fix/secure-note-max-size
branch
from
f96d0a5
to
2ab0f5c
Compare
|
Thank you for your contribution! We've added this to our internal Community PR board for review. |
bitwarden-bot
changed the title
As users are migrating from LastPass, I am seeing more and more people hitting the max length of 10,000 on the "Notes" field, which applies to both CipherType.Login and CipherType.SecureNote. This default is too low, and by being significantly lower than competing products, needlessly complicates the transition. This is not helped by how unhelpful the import process is on web (showing errors in console only, silently dropping items), which is a PR for another day. By merging this, we can ensure that one of the most common drop-offs is fixed. 45,000 matches LastPass. As we know that the encrypted length can be longer than the raw text, I have increased this to 50,000 so there is a healthy buffer to account for this inflation. Mirrors PR at bitwarden/server#2625
|
Does this change include an update to the error message that displays when the maximum character count is exceeded? |
|
Yes, as that is derived from the value given to the decorator. |
|
Thank you for your contribution. We are currently researching new approaches for note and attachment storage that meet our security requirements and will grow well with the platform. At this time we are unable to merge this change given those long-term architectural plans for secure data storage. We hope to enable much larger notes for you soon. |
|
I am sad to see the perfect be the enemy of the good here. Where is this work being done and how can we track it? |
|
I am also not quite sure why such an easy fix won't be merged to alleviate the pain people, who are migrating from LastPass, actually have right now. |
As users are migrating from LastPass, I am seeing more and more people hitting the max length of 10,000 on the "Notes" field, which applies to both CipherType.Login and CipherType.SecureNote. This default is too low, and by being significantly lower than competing products, needlessly complicates the transition. This is not helped by how unhelpful the import process is on web (showing errors in console only, silently dropping items), which is a PR for another day. By merging this, we can ensure that one of the most common drop-offs is fixed. 45,000 matches LastPass. As we know that the encrypted length can be longer than the raw text, I have increased this to 50,000 so there is a healthy buffer to account for this inflation. Mirrors PR at bitwarden/server#2625
See https://community.bitwarden.com/t/support-longer-notes-breaks-lastpass-import/2970
Type of change
Objective
As users are migrating from LastPass, I am seeing more and more people hitting the max length of 10,000 on the "Notes" field, which applies to both
CipherType.LoginandCipherType.SecureNote.This default is too low, and by being significantly lower than competing products, needlessly complicates the transition.
This is not helped by how unhelpful the import process is on web (showing errors in console only, silently dropping items), which is a PR for another day. By merging this, we can ensure that one of the most common drop-offs is fixed.
45,000 matches LastPass. As we know that the encrypted length can be longer than the raw text, I have increased this to 50,000 so there is a healthy buffer to account for this inflation.
Code changes
Notesfield to 45,000.