make pbkdf2 rounds a per-site password profile option

[allanjude]

The number of rounds of PBKDF2 is designed to be constantly scaled up as CPUs get faster. I think the default value of 8192 is too low, but my bigger concern is that there is no way to change this value.

It would probably be best if it was part of the 'password profile', with the other complexity information. This way the default can be bumped from time to time, and newly generated passwords will be stronger, and passwords will get stronger when they are changed, but old password can remain unchanged by specifying the smaller value.

[guillaumevincent]

😲 @allanjude looking at LessPass :) I'm a big fan of BSDNow Podcasts

This is definitely something we need to do.
The biggest problem is how to tell users of the offline version of (web site or web extension) as the version by default will change (increase from 8192 to another value) ?

I'm building a frontend version of LessPass and the number of round we can do without killing our browser is around 100k. So it is something to top the list of priorities

I will update the lesspass-core and lesspass-webcrypto to prepare the API.
Thanks for posting this

[edouard-lopez]

As of 2005 a Kerberos standard recommended 4096 iterations,[2] Apple iOS 3 used 2000, iOS 4 used 10000,[3] while in 2011 LastPass used 5000 iterations for JavaScript clients and 100000 iterations for server-side hashing.

https://www.wikiwand.com/en/PBKDF2#/Purpose_and_operation

I reckon LastPass has a feature to set the number of iteration based on your computer power by running as much as it can in 1s then use that as value.

[edouard-lopez]

Some resources:

• Recommended # of iterations when using PBKDF2-SHA256? on stackoverflow
• Recommended # of iterations when using PKBDF2-SHA256? on security stackexchange

[allanjude]

Yes, so while a benchmark of 1 second is great, the problem is that if you want the result to be portable from your desktop to your cell phone, then that doesn't work. We likely need to go with the lowest common denominator, and some value like 64000 or 96000 or something for now, and bump it every year or two. This of course causes a problem for offline mode. It might make sense to define standards by year, and do these type of 'roll ups' on Jan 1st, so offline mode users just select the year the password was generator, to get the correct number of rounds.

This is why I raised this issue, it must be dealt with sooner rather than later, as the more people that adopt LessPass, the harder it will be to fix things like this. It is important there be an upgrade path, and a way forward.

[guillaumevincent]

We should encourage every year a master password change (#36) and a version change.

master password 1 + version Aurora -> master password 2 + next Version

[allanjude]

That might be a usability problem, if you have to spent new years day changing your password on 150 websites

[guillaumevincent]

@allanjude I want to say that if we increase the number of iterations, we should offer a way to change master password easily. And we need to announce long time before a version change.

@edouard-lopez long time enough ? 3 months ?

[allanjude]

@guillaumevincent Sadly, there isn't a way to change the master password without changing every password.

[edouard-lopez]

@guillaumevincent to answer your question we should first know what are the metric to trigger the migration: time since announcement, number of views, user complains, arbitrary, backward-compatibility (or not), etc.
However, regular passwords update as a core value is both critical to the product viability and good for the users. So we need to push forward.

[alexandru]

Hi @guillaumevincent, @edouard-lopez - thanks for your project.

I would like to use LessPass, however the low iteration count on PBKDF2 is of concern. I usually set KeePass to work with 100,000 iterations - even if it's slow in a mobile browser, I can wait.

Speaking of which, loading a web page from your server is of concern on mobile devices, for which we don't have those nice web extensions either. I want to host that static content on my own server, just the static content, preferably with the PBKDF2 iterations parameter changed. Can you provide some quick instructions for that? Like should I clone and change https://github.com/lesspass/frontend ?

Cheers,

[guillaumevincent]

@alexandru the simplest way to do so is to clone lesspass/pure

change PasswordGenerator.vue from:

LessPass.encryptLogin(this.password.login, this.masterPassword).then(encryptedLogin => {
    this.encryptedLogin = encryptedLogin;
}); 

to

LessPass.encryptLogin(this.password.login, this.masterPassword, {iterations: 100000}).then(encryptedLogin => {
    this.encryptedLogin = encryptedLogin;
}); 

and then rebuild

npm install && npm run build

and then open index.html

For the next time, do not hesitate to open a specific issue to your request.
Thank you

[guillaumevincent]

The version 2 of LessPass core use 100k iterations. This took around 1.5 second on safari mobile, but under 100ms with webcrypto on chrome and firefox mobile.

I've created a pbkdf2 polyfill https://github.com/lesspass/core/blob/master/src/pbkdf2.js.

So the version 2 will have a 100k round.
The password profile got a version field that refers to a configuration.
I close this one.

[alexandru]

Nice :-) so when is version 2 coming out?

[guillaumevincent]

@alexandru we are close https://github.com/lesspass/lesspass/milestone/2