github-starred/android
2
0
Fork 0
mirror of https://github.com/bitwarden/android.git synced 2026-05-07 19:39:41 -05:00
Code Issues 1.1k Packages Projects Releases 122 Wiki Activity

After increasing KDF iterations for the encryption key, logging in results only in an immediate "An error has occurred." message #2228

New Issue
Closed
opened 2025-11-26 23:12:25 -06:00 by GiteaMirror · 7 comments
GiteaMirror commented 2025-11-26 23:12:25 -06:00
Owner
Copy Link

Originally created by @mlncn on GitHub (May 12, 2025).

Steps To Reproduce

  1. Go to https://vault.bitwarden.com/#/settings/security/security-keys
  2. Set KDF iterations to at least 4
  3. Go to older Android device where the vault was previously working
  4. Try to log in

Expected Result

The Bitwarden app can still unlock my vault even if it is very slow. That is, the log in succeeds, even if it takes a while, or at worst it times out after a minute and gives an error message indicating that.

Yes, the Key settings page warns "For older devices, setting your KDF too high may lead to performance issues. Increase the value in small increments and test your devices." But that should not mean a nearly immediate fail, and given that the same device is able to unlock the vault via the website (and pretty quickly) indicates that the device is not incapable of using the key with more iterations.

Actual Result

Instead, a nearly instant (under a second or two) message is returned "An error has occurred."

Screenshots or Videos

No response

Additional Context

Most important context is that the Bitwarden website does still work on the Android device.

Build Version

version 2.13.0

What server are you connecting to?

US

Self-host Server Version

No response

Environment Details

  • Device: Blackview BV9100 with Phone Storage 64.00 GB and Running Memory 4.0 GB
  • Android version: 9

Issue Tracking Info

  • I understand that work is tracked outside of Github. A PR will be linked to this issue should one be opened to address it, but Bitwarden doesn't use fields like "assigned", "milestone", or "project" to track progress.
Originally created by @mlncn on GitHub (May 12, 2025). ### Steps To Reproduce 1. Go to https://vault.bitwarden.com/#/settings/security/security-keys 2. Set KDF iterations to at least 4 3. Go to older Android device where the vault was previously working 4. Try to log in ### Expected Result The Bitwarden app can still unlock my vault even if it is very slow. That is, the log in succeeds, even if it takes a while, or at worst it times out after a minute and gives an error message indicating that. Yes, the Key settings page warns "For older devices, setting your KDF too high may lead to performance issues. Increase the value in small increments and test your devices." But that should not mean a nearly immediate fail, and given that the same device is able to unlock the vault via the website (and pretty quickly) indicates that the device is not incapable of using the key with more iterations. ### Actual Result Instead, a nearly instant (under a second or two) message is returned "An error has occurred." ### Screenshots or Videos _No response_ ### Additional Context Most important context is that the Bitwarden website _does_ still work on the Android device. ### Build Version version 2.13.0 ### What server are you connecting to? US ### Self-host Server Version _No response_ ### Environment Details - Device: Blackview BV9100 with Phone Storage 64.00 GB and Running Memory 4.0 GB - Android version: 9 ### Issue Tracking Info - [x] I understand that work is tracked outside of Github. A PR will be linked to this issue should one be opened to address it, but Bitwarden doesn't use fields like "assigned", "milestone", or "project" to track progress.
GiteaMirror added the app:authenticatorbug labels 2025-11-26 23:12:25 -06:00
GiteaMirror commented 2025-11-26 23:12:26 -06:00
Author
Owner
Copy Link

@S-Kakar commented on GitHub (May 12, 2025):

Thank you for your report! We've added this to our internal board for review.
ID: PM-21549

@S-Kakar commented on GitHub (May 12, 2025): Thank you for your report! We've added this to our internal board for review. ID: PM-21549
GiteaMirror commented 2025-11-26 23:12:27 -06:00
Author
Owner
Copy Link

@NovaSilentium commented on GitHub (May 12, 2025):

Hi there,

I attempted to reproduce your issue and was unable to do so.

We use GitHub issues as a place to track bugs and other development related issues. If your issue persists, please write us back using our “Contact support” form located on our Help Center (https://bitwarden.com/help/).

You can include a link to this issue in the message content.

Alternatively, you can also search for an answer in our help documentation or get help from other Bitwarden users on our community forums (https://community.bitwarden.com/c/support/).

The issue here will be closed.

Thanks!

@NovaSilentium commented on GitHub (May 12, 2025): Hi there, I attempted to reproduce your issue and was unable to do so. We use GitHub issues as a place to track bugs and other development related issues. If your issue persists, please write us back using our “Contact support” form located on our Help Center (https://bitwarden.com/help/). You can include a link to this issue in the message content. Alternatively, you can also search for an answer in our help documentation or get help from other Bitwarden users on our community forums (https://community.bitwarden.com/c/support/). The issue here will be closed. Thanks!
GiteaMirror commented 2025-11-26 23:12:27 -06:00
Author
Owner
Copy Link

@mlncn commented on GitHub (May 12, 2025):

@NovaSilentium I'm sorry, which kind of phone and which version of Android did you use? This issue has persisted for all the many months since i made the KDF switch and is pretty definitely a code issue.

@mlncn commented on GitHub (May 12, 2025): @NovaSilentium I'm sorry, which kind of phone and which version of Android did you use? This issue has persisted for all the many months since i made the KDF switch and is pretty definitely a code issue.
GiteaMirror commented 2025-11-26 23:12:27 -06:00
Author
Owner
Copy Link

@pamperer562580892423 commented on GitHub (May 16, 2025):

@mlncn Another user here... As I see it, you are riding a dead horse here.

Build Version

version 2.13.0

That is no current version of the Android app (in other words: a very very old version) - and is completely out of support. The current version is 2025.4.0.

But the new native mobile app requires Android 10 at least, so if you decide to stay on Android 9, you can't expect any change.

@pamperer562580892423 commented on GitHub (May 16, 2025): @mlncn Another user here... As I see it, you are riding a dead horse here. > Build Version > > version 2.13.0 That is no current version of the Android app (in other words: a very very old version) - and is completely out of support. The current version is 2025.4.0. But the new native mobile app requires Android 10 at least, so if you decide to stay on Android 9, you can't expect any change.
GiteaMirror commented 2025-11-26 23:12:27 -06:00
Author
Owner
Copy Link

@pamperer562580892423 commented on GitHub (May 16, 2025):

PS: Even if your issue could be reproduced - nobody would update a years-old out-of-support version of the app. BTW, I don't see a version 2.13.0 (https://github.com/bitwarden/android/releases?page=10). If you meant 2.3.1, that would be five years old then (released in March 2020).

And I think you are talking about the PBKDF2-"KDF" (as Argon2-"KDF" was only added with 2023.2.0 (https://bitwarden.com/help/releasenotes/#2023-2-0) your old mobile app couldn't handle that)... And if you're talking about PBKDF2, then an iteration value of 4 would be really insecure. The default iteration for PBKDF2 is 600000 now. You should consider updating that. (or change to Argon2 altogether, if you can)

@pamperer562580892423 commented on GitHub (May 16, 2025): PS: Even if your issue could be reproduced - nobody would update a years-old out-of-support version of the app. BTW, I don't see a version 2.13.0 (https://github.com/bitwarden/android/releases?page=10). If you meant 2.3.1, that would be five years old then (released in March 2020). And I think you are talking about the PBKDF2-"KDF" (as Argon2-"KDF" was only added with 2023.2.0 (https://bitwarden.com/help/releasenotes/#2023-2-0) your old mobile app couldn't handle that)... And if you're talking about PBKDF2, then an iteration value of 4 would be really insecure. The default iteration for PBKDF2 is 600000 now. You should consider updating that. (or change to Argon2 altogether, if you can)
GiteaMirror commented 2025-11-26 23:12:28 -06:00
Author
Owner
Copy Link

@mlncn commented on GitHub (May 16, 2025):

@pamperer562580892423 thank you very much— all my version numbers are correct; the real problem here then is that Bitwarden is not supporting older versions of Android, or rather, that Android is not supporting "older" phones (bought new exactly four years ago, though now that i look it up the Android version would have been a little more than a year behind the latest even then 😬 ). Fighting the tide of unnecessary e-waste was never going to be easy, i guess. If anybody has recommendations for an Android fork that'd have more modern versions running for the Blackview BV9100, let me know 😭

Apologies for the noise; lots of apps do receive regular updates so i had figured i was on the latest version, and should have checked that.

@mlncn commented on GitHub (May 16, 2025): @pamperer562580892423 thank you very much— all my version numbers are correct; the real problem here then is that Bitwarden is not supporting older versions of Android, or rather, that Android is not supporting "older" phones (bought new exactly four years ago, though now that i look it up the Android version would have been a little more than a year behind the latest even then 😬 ). Fighting the tide of unnecessary e-waste was never going to be easy, i guess. If anybody has recommendations for an Android fork that'd have more modern versions running for the Blackview BV9100, let me know 😭 Apologies for the noise; lots of apps do receive regular updates so i had figured i was on the latest version, and should have checked that.
GiteaMirror commented 2025-11-26 23:12:28 -06:00
Author
Owner
Copy Link

@pamperer562580892423 commented on GitHub (May 16, 2025):

@mlncn ... it could be argued, that the real problem is, to use any Bitwarden app on a platform/OS that is out of support itself and doesn't get any security updates anymore. 😉 Android 9 got it's last (and final) security update more than 3 (three!!) years ago (in January 2022).

all my version numbers are correct;

That's indeed shocking. 😅 If/when you change devices, please bring your PBKDF2 to at least 600000 iterations - or change to Argon2 altogether.

@pamperer562580892423 commented on GitHub (May 16, 2025): @mlncn ... it could be argued, that the real problem is, to use any Bitwarden app on a platform/OS that is out of support itself and doesn't get any security updates anymore. 😉 Android 9 got it's last (and final) security update more than 3 (three!!) years ago (in January 2022). > all my version numbers are correct; That's indeed shocking. 😅 If/when you change devices, please bring your PBKDF2 to at least 600000 iterations - or change to Argon2 altogether.
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
app:authenticator
app:password-manager
bug
bug-passkey
customer-support
duplicate
enhancement
good first issue
help wanted
needs-reply
needs-response
pull-request
Mirrored from GitHub Pull Request
 question
No Label app:authenticator bug
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
GiteaMirror ninjasurge
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: github-starred/android#2228
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?