by ThreePinkApples 1243 days ago
The current (and very recently updated) OWASP recommendation[1] is a minimum of 600 000 iterations.

[1] https://cheatsheetseries.owasp.org/cheatsheets/Password_Stor...

1 comments

I read that as a "total of 600 000" iterations, so 300 000 locally and 300 000 on the server. Am I wrong?
According to the OP article, the server-side iterations are ineffective for adding security in Bitwarden, so you need 600,000 on the client. This would not be the case if the design was correct.

(I'm not a security expert, so I'm going by the article)