doy / rbw

unofficial bitwarden cli
https://git.tozt.net/rbw

rotate encryption key #96

Closed umop3plsdn closed 1 year ago

umop3plsdn commented 1 year ago

I keep getting: rbw list: failed to unlock database: cipherstring type 0 too old Please rotate your account encryption key (https://bitwarden.com/help/article/account-encryption-key/) and try again.

I know how to rotate the encryption key and I've literally tried 10 different times with 10 different passwords. It's the checkbox you check when you change the master password. I've tried from 2 different web browsers and my phone to make sure that maybe it was a web browser problem. I've deleted the config.json file in between as well to ensure a fresh start. Can anyone think of anything else it could be?

umop3plsdn commented 1 year ago

I thought maybe it had something to do with the API key so I changed it in Bitwarden now. It won't let me register with a new API key though, even if I delete the config. I tried using rbw config unset but I don't know the old key to remove now LOL

umop3plsdn commented 1 year ago

If anyone else has this issue, all I did was a purge and then typed list again and it worked perfectly.

JokerQyou commented 6 months ago

This still happens for rbw 1.9.0 + Vaultwarden. Purging data does not help (since purging only deletes the local database of rbw). I suspect you did rotate your encryption key; it's just that you need to log out and log back in to clients, according to the Bitwarden official doc.

In my case I have over a dozen clients (desktop apps, mobile apps, extensions for various browsers). According to the Bitwarden doc I need to log them all out before I rotate the encryption key, and log them back in afterwards. That's just too much to do, not to mention that some machines are separated geographically.

The official cli client bw works, however. It's just very slow to use. I want to move to rbw for its speed but this issue makes it impossible. Sad.

JokerQyou commented 6 months ago

This is actually not a bug. For users who used Bitwarden or Vaultwarden before version 2023.2.0, your account might be using a KDF iteration number that's considered too low (and insecure) in current versions of Bitwarden, see Low KDF iterations. The solution is to either change the KDF algorithm to Argon2id with default parameters, or increase the iteration count of PBKDF2 to at least 600,000. After that, be sure to rotate your encryption key to re-encrypt your vault data, following this guide.
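As an added illustration (not rbw's or Bitwarden's code), here is a small Python checker that mirrors the two conditions this thread turns on: it parses a vault item's cipherstring and refuses type 0, the legacy unauthenticated AES-CBC encoding behind the "cipherstring type 0 too old" message, and it applies the KDF thresholds from the comment above (Argon2id, or PBKDF2 with at least 600,000 iterations). The cipherstring layout (`type.iv|ct|mac`), the type numbers, and PBKDF2-HMAC-SHA256 salted with the lowercased email are my reading of Bitwarden's public format, not something stated on this page; the sample items are constructed.

```python
"""Added example (not rbw's or Bitwarden's code): check the two things this
thread turns on, the cipherstring type of a vault item and the account KDF
parameters."""
import base64
import hashlib
from dataclasses import dataclass
from typing import Optional

# Bitwarden EncString type numbers as I understand the public format
# (assumption, not stated on the page). Type 0 is legacy AES-256-CBC with
# no MAC, which is why rbw refuses it as "too old".
LEGACY_AES_CBC_256 = 0
AES_CBC_128_HMAC_SHA256 = 1
AES_CBC_256_HMAC_SHA256 = 2

# Thresholds from the last comment in the thread.
PBKDF2_MIN_ITERATIONS = 600_000


@dataclass(frozen=True)
class CipherString:
    enc_type: int
    iv: bytes
    ciphertext: bytes
    mac: Optional[bytes]


def parse_cipherstring(value: str) -> CipherString:
    """Parse "type.iv|ct|mac" and reject encodings rbw treats as too old."""
    head, sep, body = value.partition(".")
    if not sep or not head.isdigit():
        raise ValueError("cipherstring has no numeric type prefix")
    enc_type = int(head)
    if enc_type == LEGACY_AES_CBC_256:
        # Unauthenticated ciphertext; only an account key rotation re-encrypts it.
        raise ValueError(
            "cipherstring type 0 too old: rotate the account encryption key")
    if enc_type not in (AES_CBC_128_HMAC_SHA256, AES_CBC_256_HMAC_SHA256):
        raise ValueError(f"unsupported cipherstring type {enc_type}")
    parts = body.split("|")
    if len(parts) != 3:
        raise ValueError(f"type {enc_type} needs iv|ct|mac, got {len(parts)} fields")
    iv, ct, mac = (base64.b64decode(p, validate=True) for p in parts)
    if len(iv) != 16 or len(mac) != 32 or len(ct) % 16:
        raise ValueError("iv must be 16 bytes, mac 32 bytes, ciphertext a multiple of 16")
    return CipherString(enc_type, iv, ct, mac)


def vault_item_status(value: str) -> str:
    """Return "ok" for a usable item, otherwise the reason it would be refused."""
    try:
        parse_cipherstring(value)
    except ValueError as exc:
        return str(exc)
    return "ok"


def kdf_is_acceptable(kdf: str, iterations: Optional[int] = None) -> bool:
    """Apply the thread's rule: Argon2id, or PBKDF2 with at least 600,000 iterations."""
    if kdf == "argon2id":
        return True
    if kdf == "pbkdf2":
        return iterations is not None and iterations >= PBKDF2_MIN_ITERATIONS
    return False


def derive_master_key(password: str, email: str, iterations: int) -> bytes:
    """PBKDF2-HMAC-SHA256 salted with the trimmed, lowercased email, as Bitwarden's
    PBKDF2 mode does (assumption about the public scheme). The iteration count is
    what the "low KDF iterations" warning is about: changing it changes the master
    key, and a low count makes offline guessing cheap."""
    salt = email.strip().lower().encode("utf-8")
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations, dklen=32)


def constructed_sample(enc_type: int) -> str:
    """Constructed sample item, not real vault data: zero iv/mac, fixed 32-byte ciphertext."""
    iv = base64.b64encode(bytes(16)).decode()
    ct = base64.b64encode(b"not real ciphertext, 32 bytes!!!").decode()
    mac = base64.b64encode(bytes(32)).decode()
    if enc_type == LEGACY_AES_CBC_256:
        return f"{enc_type}.{iv}|{ct}"  # legacy layout has no mac field
    return f"{enc_type}.{iv}|{ct}|{mac}"


if __name__ == "__main__":
    for t in (0, 2):
        print(t, vault_item_status(constructed_sample(t)))
    print("pbkdf2@100000 ok?", kdf_is_acceptable("pbkdf2", 100_000))
    print("pbkdf2@600000 ok?", kdf_is_acceptable("pbkdf2", 600_000))
```

Running it shows the type-0 item refused with the same wording as the error in the first comment, and a type-2 item accepted. That is the practical reading of this thread: raising the KDF iteration count changes how the master key is derived, but items already stored in the legacy encoding stay there until an account encryption key rotation re-encrypts them, which is why both steps are needed.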