Reply from bitwarden author: https://old.reddit.com/r/Bitwarden/comments/10jj6fk/bitwarden_design_flaw_server_side_iterations/j5mjqbx/
Jeremi M Gosney had an interesting take: https://infosec.exchange/@epixoip/109745121950143176
Kudos for mentioning diceware! I think this is one of the most under-mentioned ways to create passwords. I also think it’s great how it implicitly explains password security and why some suggestions that people give regarding secure passwords are questionable at best. Like: short, but it absolutely needs to have at least one special character, because that exclamation mark that most people seem to put at the end really changes a lot.
Diceware might be something to teach in school, together with related things, such as “people [computers] will try leaked passwords on all the big websites”, etc. Sadly some schools end up doing tests of what each icon’s label is. My favorite example is writing “Exit” instead of “Close” leading to a worse grade on such a test. But that’s another story.
I think it’s the wrong way to spend huge amounts of money to try to censor bad actors, or to lead everyone into walled gardens, instead of educating people.
Wouldn’t it make more sense to use an HKDF to expand the output of the KDF into separate encryption and authentication keys, instead of server-side iteration?
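Expanding one password-derived key into independent encryption and MAC keys, as the comment above proposes, looks like this in practice. This is an added illustration written for this page, not code from Bitwarden or from anyone in the thread; it assumes SHA-256 throughout, PBKDF2 for the password step with the account email as salt, and the `info` labels `enc` and `mac` (all constructed choices).

```python
import hashlib
import hmac


def hkdf_extract(salt: bytes, ikm: bytes, hash_name: str = "sha256") -> bytes:
    """RFC 5869 HKDF-Extract: PRK = HMAC(salt, IKM); an empty salt means HashLen zero bytes."""
    if not salt:
        salt = b"\x00" * hashlib.new(hash_name).digest_size
    return hmac.new(salt, ikm, hash_name).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int, hash_name: str = "sha256") -> bytes:
    """RFC 5869 HKDF-Expand: T(i) = HMAC(PRK, T(i-1) || info || i), concatenated to `length` bytes."""
    digest_size = hashlib.new(hash_name).digest_size
    if length > 255 * digest_size:
        raise ValueError("requested length exceeds 255 * HashLen")
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hash_name).digest()
        okm += block
        counter += 1
    return okm[:length]


def derive_subkeys(password: bytes, email: bytes, iterations: int) -> dict:
    """Derive a master key from the password (client side), then split it into
    separate encryption and authentication keys via HKDF-Expand.

    The PBKDF2 output is already a uniformly random-looking key, so only the
    Expand step is needed; HKDF-Extract exists to condition non-uniform input
    keying material. The labels, salt and sizes are assumptions for this example.
    """
    master_key = hashlib.pbkdf2_hmac("sha256", password, email, iterations)
    return {
        "enc": hkdf_expand(master_key, b"enc", 32),  # AES-256 key
        "mac": hkdf_expand(master_key, b"mac", 32),  # HMAC-SHA256 key
    }


if __name__ == "__main__":
    # Constructed sample input; the iteration count is only an illustration.
    keys = derive_subkeys(b"correct horse battery staple", b"user@example.com", 600_000)
    print("enc:", keys["enc"].hex())
    print("mac:", keys["mac"].hex())
```

The distinct `info` labels are what make the two outputs independent: with the same label, both sides would receive the same bytes and the MAC key would double as the encryption key.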