top | item 46921075

(no title)

Bastion does not treat the master as a “password.” It is a cryptographic root secret equivalent to a 256-bit key. If you downgrade it to a human-memorable string, you are violating the security model. Argon2id + 210k PBKDF2 rounds + rejection sampling makes brute force economically brutal

discuss

commandersaki|23 days ago

For storage neither does 1P; it masks the password with a 256-bit key. The password is merely to make unlock easier, but will soon support passkey unlock anyway. I feel you have designed this program based on a strawman and not how some of the vendors in this space implement their security model.

KevinChasse|23 days ago

Bastion isn’t designed for convenience or multi-device sync — it’s a deterministic, stateless cryptographic protocol. The master isn’t a human-memorable password; it’s a 256-bit root secret. Lowering it to a “password” breaks the threat model. Unlike consumer vaults, Bastion explicitly enforces domain-separated salts, memory-hard derivation (Argon2id + PBKDF2), unbiased sampling, and versioned rotation — all provable invariants, not heuristic convenience. Syncing or masking passwords like 1P is a different design class: it trades third-party trust for usability. This isn’t a strawman — it’s an architectural choice to remove server-side attack surfaces and guarantee deterministic, stateless password generation.