[FfejL]

"Let's now assume that the user enables the PIN unlock and configures Bitwarden so that it doesn't require the master password on restart."

If the user has setup Bitwarden so the master password is not required, then the user gets what they asked for, namely a password database secured by a 4 digit PIN. Not clear to me why this is a problem Bitwarden needs to fix.

[nabakin]

You're assuming the average user understands security when that is definitely not the case. The job of Bitwarden is to help all users (even ones ignorant of security) to secure their data. If Bitwarden has no warning explaining that pins are unsecure, then the fault 100% lies with Bitwarden.

[beachy]

Some things fall into the "obvious" category, users should just know them, and it's not 100% on Bitwarden to make the world a safe place.

Is it a good idea to leave your password on a piece of paper under your keyboard? No, and you shouldn't need Bitwarden to tell you that.

Is it a good idea to use your name and date of birth as a password? No, and this should be obvious, not something Bitwarden needs to educate you about.

Is it safe to rely on a 4 digit PIN? Obviously not, when there are only 10000 possible combinations. You shouldn't need Bitwarden to tell you that though.

Are there people out there who do need this education? Of course. But that's a job for someone with infinite patience and understanding. Not some words on a web page from a supplier.

Case in point, my step dad belonged to a "computers for elders" group and one day he learned about antivirus software. Next time I watched him, he was googling for anti virus software and downloading any he could find, from anywhere on the internet. He ended up with 6 different AV packages, some very dubious looking indeed. I tried to explain the dangers but he couldn't understand how antivirus could actually harm his computer. And he was a practicing doctor of medicine before retirement. It really highlighted the challenges of protecting some people in the brave new digital world.

[twblalock]

> Is it safe to rely on a 4 digit PIN? Obviously not, when there are only 10000 possible combinations. You shouldn't need Bitwarden to tell you that though.

Most people really don’t know that. It is not obvious to a normal user.

[brewdad]

I realize math education in the US sucks but are really suggesting most people can’t figure out that 0 to 9999 is all the possibilities you get from 4 digits?

[pyrelight]

You're thinking like an engineer.

I'm confident your average person would understand that a PIN is insecure if it was explained to them.

But think about other things in life that use a PIN -- debit cards, customer support shortcuts, etc. These are things that can't or typically won't be brute forced and are deemed as "secure enough" in our world.

Your average person has no idea how a 2FA token is generated, but they know it's just a few numbers that they have to enter on various websites and apps, and those numbers resemble a PIN. Yet another reinforcement that just a few numbers keeps things secure.

If you walk a user through software setup, and at some point they need to provide a complex master password, they would never automatically assume that being presented with an option to use a PIN would remove the security provided by a complex master password.

Only if they were to think it through, or have someone who thinks analytically, would they understand that in this scenario, given that it's Internet-accessible software, a PIN could be brute forced in no time unlike their debit card or any other PIN they may need to use in the course of their day to day life.

[twblalock]

Yes, most people cannot figure that out, but also it would not occur to most people to consider that when opting for a PIN over a password.

[GeorgeDewar]

One could get into a long debate about whether "most" is literally true or not, but I think most of us should be able to agree that at least a significant proportion of people - enough to matter - either won't or can't think of this without some prompting.

[_flux]

Well, a person once asked me why they need to use a bank card in the ATM, when it already asks for the PIN.

[fomine3]

Average user: Bank card requires 4 digits PIN, so it must be safe

[userbinator]

Is it a good idea to leave your password on a piece of paper under your keyboard? No, and you shouldn't need Bitwarden to tell you that.

Yes it is, if your threat model excludes physical access; and in that case, it's probably more secure than anything software can do.

[lxgr]

> Some things fall into the "obvious" category, users should just know them, and it's not 100% on Bitwarden to make the world a safe place.

It‘s 100% their job to make passwords a safer system.

As an advanced user, I can look up whether the PIN is tangled to a server-side limit or a TPM (or equivalent) for maximum attempts enforcement.

Most users don‘t even know these things exist or how to look for them. That‘s arguably nothing they should have to worry about, though.

[Thorrez]

>Is it safe to rely on a 4 digit PIN? Obviously not, when there are only 10000 possible combinations. You shouldn't need Bitwarden to tell you that though.

Normal users see that Bitwarden blocks you after 5 guesses, therefore an attacker will never get past all 10000 guesses. They won't realize that this block is easily evadable.

[halayli]

It's a bit of a stretch to label Bitwarden users as average user. Average users don't know about password managers beyond whatever their browser supports.

[e12e]

With a secure enclave of some kind, there could conceivably be a three attempt limit before the temporary key associated with the pin is deleted, and full pass phrase is required. In such a setup pin might make sense.

As it is - I'm not sure if pin makes sense even if there's user demand? Then again I do use biometric unlock - and that's not really great either.

At least the bitwarden installs are behind fde (macOS) - and possibly (?) file based encryption (Android 13+).

[Eisenstein]

If the user setup the PIN and uses it every time the chances that they know the master password is about 50/50.

[e12e]

50/50 chance the pass phrase is secure against keylogger!

[ambiso]

> the user gets what they asked for, namely a password database secured by a 4 digit PIN.

A 4 digit PIN would be safe if Bitwarden securely enforced an attempt limit on the PIN. There's several options to implement this securely (see e.g. other comments about Windows Hello or use of a TPM).

[eviks]

Why did you jump to a 4 digit PIN instead of a 10 letter word? (which is still faster than the full 20 letter master password with many special symbols)

Is it because of the name PIN? So there is your simple answer of what problem Bitwarden needs to fix

[Aeolun]

Why would you think the master password has many special symbols and 20 characters? You can just have the 4 digit pin as your master password.

[eviks]

Your mirroring fails precisely because it's a password, and it's pretty common to set minimum requirements, so you can't have 4 digit pin

Similarly with your first point - I don't think the master password has many special symbols, I'm just asking a question that illustrates the issue with the original faulty assumption

[SV_BubbleTime]

They could make the pin process intentionally slow… maybe with some number of iterations… and as computers get faster they can just update the number of iterations required…

[morpheuskafka]

If the PIN is local, only a secure element type of chip could meaningfully enforce this restriction. Otherwise, whatever memory or disk stores the secret encrypted only by the 4-digit PIN could still be brute forced. Just disabling entering a PIN in the UI would not be enough for security.

[0xdeafbeef]

You can use pbdkf2 with 200k iterations or argon2 to derive key from pin

[gengkev]

Suppose it takes 2 seconds of 100% cpu usage to compute the password hash (you probably wouldn't want to wait much longer).

Then brute forcing a 4 digit PIN will take 20000 seconds ≈ 6 hours maximum. There's no way around that, no matter what hash function you use.

[benatkin]

In that case make it take a week to unlock your password store, then it will take 200 years to unlock it!

[TJSomething]

An Nvidia RTX 4090 can crack a 4 digit pin using PBKDF2 with 200k iterations in less than a quarter of a second. Argon2 is definitely the better option, but even at 1 hash per second, that's less 3 hours.

[barsonme]

This has very limited benefit for weak passcodes, like PINs.

[chrisandchris]

Which will still be ... nothing?

> [...] As a comparison baseline, a 2.4 GHz Core2 CPU can perform about 2.3 millions of elementary SHA-256 computations per second (with a single core), so this would imply, on that CPU, about 20000 rounds to achieve the "8 milliseconds" goal.

So you'll need something that takes at least as long as entering your full password, at which point you basically could enter the full password (from a UX perspective). They PIN is here to make it faster and it will always be security vs. ease-of-use.

[1] https://security.stackexchange.com/questions/3959/recommende...

[nebulous1]

It already is intentionally "slow". However, for a 4 digit pin there are only 10 thousand combinations. It is not practical for it to be so slow that 10000x it is an infeasible amount of time. Not only would the user have to way too long on each entry, the attacker could just use faster hardware.

[pmontra]

Or multiple machines. There are about 31k seconds in a year. 3.1 seconds per iteration seems already slow as a response time to unlock a db so it's about one year for those 10000 attempts. Split it between 10 machines by first digit, it's down to a little more than one month. Split it between 100 machines by the first two digits and it's down to half a week.

A four digit PIN is poor security. What Bitwarden could do is removing that feature.

[warkdarrior]

Uhm, 31k seconds is about 8.7 hours.

[usefulcat]

31.5 million seconds in a year

[pmontra]

You're right, sorry. I probably misread my screen.

[chrisandchris]

Split it to 5000 machines, which will be "quite easy to get" for a computation that takes a single line in most languages. Then we're talking about 6 seconds and 50% success on first try.

[8ytecoder]

And add other defensive mechanisms like lockout after n retries.

[mmis1000]

Unless you are using a hardware based pin. Lockout is useless. I can just backup the file before lockout and restore

Or… I can just stop the software, change computer time. And the timeout is over.

[sowbug]

That's a bit like putting a website password check in the client-side JavaScript. Attacker removes lockout, continues brute-forcing.

There really isn't a solution if the entropy is low and the enforcement mechanisms are in the hands of the attacker. Even a TPM or secure element is just a financial obstacle to a sufficiently motivated attacker.

[cryptonector]

> Even a TPM or secure element is just a financial obstacle to a sufficiently motivated attacker.

For sure, but currently it's a fairly big step function for an attacker to have to teardown a TPM (or find a vulnerability in its firmware).