mirror of
https://github.com/dani-garcia/vaultwarden.git
synced 2026-07-16 02:22:14 -05:00
[PR #3398] [MERGED] always return KdfMemory and KdfParallelism #16126
Reference in New Issue
Block a user
Delete Branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
📋 Pull Request Information
Original PR: https://github.com/dani-garcia/vaultwarden/pull/3398
Author: @stefan0xC
Created: 3/30/2023
Status: ✅ Merged
Merged: 4/2/2023
Merged by: @dani-garcia
Base:
main← Head:dont-expect-kdf-memory-or-parallelism📝 Commits (2)
0daaa9balways return KdfMemory and KdfParallelism39a5f2dclear kdf memory and parallelism with pbkdf2📊 Changes
3 files changed (+19 additions, -40 deletions)
View changed files
📝
src/api/core/accounts.rs(+8 -8)📝
src/api/core/emergency_access.rs(+3 -9)📝
src/api/identity.rs(+8 -23)📄 Description
As discussed in #3390 we could simplify the login logic a bit because the client will ignore the value of theses fields in case of
PBKDF2(whether they are unset or set to any value from trying outArgon2idas KDF)With
Argon2idthose fields should never benullbut always in a valid state. Be aware that if they arenullthe client will assume the bitwarden presets (i.e. m=64 and p=4) and if the fields are set to something else (not sure how this would happen but it's technically possible with a sqlite database) the login would most likely fail.So there should not be a reason to panic.
Disclaimer: I've only tested this change with the web-vault. Since this seems to be also the behavior of vault.bitwarden.com I'm assuming that the other clients will not behave differently in this regard.
🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.