[PR #3398] [MERGED] always return KdfMemory and KdfParallelism #3281

New issue

Closed

opened 2026-03-03 09:58:10 +03:00 by kerem · 0 comments

kerem commented

2026-03-03 09:58:10 +03:00

Owner

📋 Pull Request Information

Original PR: https://github.com/dani-garcia/vaultwarden/pull/3398
Author: @stefan0xC
Created: 3/30/2023
Status: ✅ Merged
Merged: 4/2/2023
Merged by: @dani-garcia

Base: main ← Head: dont-expect-kdf-memory-or-parallelism

📝 Commits (2)

0daaa9b always return KdfMemory and KdfParallelism
39a5f2d clear kdf memory and parallelism with pbkdf2

📊 Changes

3 files changed (+19 additions, -40 deletions)

View changed files

📝 src/api/core/accounts.rs (+8 -8)
📝 src/api/core/emergency_access.rs (+3 -9)
📝 src/api/identity.rs (+8 -23)

📄 Description

As discussed in #3390 we could simplify the login logic a bit because the client will ignore the value of theses fields in case of PBKDF2 (whether they are unset or set to any value from trying out Argon2id as KDF)

With Argon2id those fields should never be null but always in a valid state. Be aware that if they are null the client will assume the bitwarden presets (i.e. m=64 and p=4) and if the fields are set to something else (not sure how this would happen but it's technically possible with a sqlite database) the login would most likely fail.

So there should not be a reason to panic.

Disclaimer: I've only tested this change with the web-vault. Since this seems to be also the behavior of vault.bitwarden.com I'm assuming that the other clients will not behave differently in this regard.

_{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

## 📋 Pull Request Information **Original PR:** https://github.com/dani-garcia/vaultwarden/pull/3398 **Author:** [@stefan0xC](https://github.com/stefan0xC) **Created:** 3/30/2023 **Status:** ✅ Merged **Merged:** 4/2/2023 **Merged by:** [@dani-garcia](https://github.com/dani-garcia) **Base:** `main` ← **Head:** `dont-expect-kdf-memory-or-parallelism` --- ### 📝 Commits (2) - [`0daaa9b`](https://github.com/dani-garcia/vaultwarden/commit/0daaa9b175f0a254d86f60ee1eb5d0a1f6260b4b) always return KdfMemory and KdfParallelism - [`39a5f2d`](https://github.com/dani-garcia/vaultwarden/commit/39a5f2dbe8554c7cdea1b594c4a41d37597fc430) clear kdf memory and parallelism with pbkdf2 ### 📊 Changes **3 files changed** (+19 additions, -40 deletions) <details> <summary>View changed files</summary> 📝 `src/api/core/accounts.rs` (+8 -8) 📝 `src/api/core/emergency_access.rs` (+3 -9) 📝 `src/api/identity.rs` (+8 -23) </details> ### 📄 Description As discussed in #3390 we could simplify the login logic a bit because the client will ignore the value of theses fields in case of `PBKDF2` (whether they are unset or set to any value from trying out `Argon2id` as KDF) With `Argon2id` those fields should never be `null` but always in a valid state. Be aware that if they are `null` the client will assume the bitwarden presets (i.e. m=64 and p=4) and if the fields are set to something else (not sure how this would happen but it's technically possible with a sqlite database) the login would most likely fail. So there should not be a reason to panic. Disclaimer: I've only tested this change with the web-vault. Since this seems to be also the behavior of vault.bitwarden.com I'm assuming that the other clients will not behave differently in this regard. --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>