by pmontra 1195 days ago
Or multiple machines. There are about 31k seconds in a year. 3.1 seconds per iteration seems already slow as a response time to unlock a db so it's about one year for those 10000 attempts. Split it between 10 machines by first digit, it's down to a little more than one month. Split it between 100 machines by the first two digits and it's down to half a week.

A four-digit PIN is poor security. What Bitwarden could do is remove that feature.

3 comments

Uhm, 31k seconds is about 8.7 hours.
31.5 million seconds in a year
You're right, sorry. I probably misread my screen.
Split it to 5000 machines, which will be "quite easy to get" for a computation that takes a single line in most languages. Then we're talking about 6 seconds and 50% success on first try.