bitwarden · ike-kottlowski · Mar 16, 2026 · Mar 16, 2026 · Mar 16, 2026 · Mar 16, 2026
@@ -1,6 +1,4 @@
-#nullable enable
-
-using System.ComponentModel.DataAnnotations;
+using System.ComponentModel.DataAnnotations;
 using Bit.Core.Enums;
 using Bit.Core.KeyManagement.Models.Data;
 using Bit.Core.Utilities;
@@ -22,6 +20,8 @@ public class MasterPasswordUnlockAndAuthenticationDataModel : IValidatableObject
     [EncryptedString] public required string MasterKeyEncryptedUserKey { get; set; }
     [StringLength(50)]
     public string? MasterPasswordHint { get; set; }
+    [MaxLength(256)]
+    public string? MasterPasswordSalt { get; set; }
 
     public IEnumerable<ValidationResult> Validate(ValidationContext validationContext)
     {
@@ -58,9 +58,9 @@ public MasterPasswordUnlockAndAuthenticationData ToUnlockData()
 
             MasterKeyAuthenticationHash = MasterKeyAuthenticationHash,
             MasterKeyEncryptedUserKey = MasterKeyEncryptedUserKey,
-            MasterPasswordHint = MasterPasswordHint
+            MasterPasswordHint = MasterPasswordHint,
+            MasterPasswordSalt = MasterPasswordSalt
         };
         return data;
     }
-
 }
@@ -72,8 +72,7 @@ public User ToUser()
             // KdfMemory and KdfParallelism are optional (only used for Argon2id)
             KdfMemory = MasterPasswordUnlock?.Kdf.Memory ?? KdfMemory,
             KdfParallelism = MasterPasswordUnlock?.Kdf.Parallelism ?? KdfParallelism,
-            // PM-28827 To be added when MasterPasswordSalt is added to the user column
-            // MasterPasswordSalt = MasterPasswordUnlock?.Salt ?? Email.ToLower().Trim(),
+            MasterPasswordSalt = MasterPasswordUnlock?.Salt,
             Key = MasterPasswordUnlock?.MasterKeyWrappedUserKey ?? UserSymmetricKey
         };
 

@@ -18,13 +18,18 @@ public class MasterPasswordUnlockAndAuthenticationData
     /// </summary>
     public required string MasterKeyEncryptedUserKey { get; set; }
     public string? MasterPasswordHint { get; set; }
+    public string? MasterPasswordSalt { get; set; }
 
     public bool ValidateForUser(User user)
     {
         if (KdfType != user.Kdf || KdfMemory != user.KdfMemory || KdfParallelism != user.KdfParallelism || KdfIterations != user.KdfIterations)
         {
             return false;
         }
+        else if (MasterPasswordSalt != null  && MasterPasswordSalt != user.GetMasterPasswordSalt())
+        {
+            return false;
+        }
         else if (Email != user.Email)
         {
             return false;

@@ -197,7 +197,7 @@ private void BuildMasterPasswordUnlock()
                     Parallelism = _user.KdfParallelism
                 },
                 MasterKeyEncryptedUserKey = _user.Key!,
-                Salt = _user.Email.ToLowerInvariant()
+                Salt = _user.GetMasterPasswordSalt()
             };
         }
         else

@@ -801,6 +801,7 @@ private void SetupRotateUserAccountUnlockData(
         request.AccountUnlockData.MasterPasswordUnlockData.KdfMemory = user.KdfMemory;
         request.AccountUnlockData.MasterPasswordUnlockData.KdfParallelism = user.KdfParallelism;
         request.AccountUnlockData.MasterPasswordUnlockData.Email = user.Email;
+        request.AccountUnlockData.MasterPasswordUnlockData.MasterPasswordSalt = user.GetMasterPasswordSalt();
         request.AccountUnlockData.MasterPasswordUnlockData.MasterKeyEncryptedUserKey = _mockEncryptedString;
 
         // Unlock data arrays

@@ -181,6 +181,37 @@ public void ToUser_Returns_User(string email, string masterPasswordHash, string
         Assert.Equal(userSymmetricKey, result.Key);
         Assert.Equal(userAsymmetricKeys.PublicKey, result.PublicKey);
         Assert.Equal(userAsymmetricKeys.EncryptedPrivateKey, result.PrivateKey);
+        Assert.Null(result.MasterPasswordSalt);
+    }
+
+    [Theory]
+    [BitAutoData]
+    public void ToUser_WithMasterPasswordUnlock_MapsSalt(string email, string masterPasswordHint,
+        KeysRequestModel userAsymmetricKeys)
+    {
+        // Arrange
+        var model = new RegisterFinishRequestModel
+        {
+            Email = email,
+            MasterPasswordHint = masterPasswordHint,
+            UserAsymmetricKeys = userAsymmetricKeys,
+            MasterPasswordUnlock = new MasterPasswordUnlockDataRequestModel
+            {
+                Kdf = new KdfRequestModel
+                {
+                    KdfType = KdfType.PBKDF2_SHA256,
+                    Iterations = AuthConstants.PBKDF2_ITERATIONS.Default
+                },
+                MasterKeyWrappedUserKey = "wrapped-key",
+                Salt = "explicit-salt-value"
+            }
+        };
+
+        // Act
+        var resultUser = model.ToUser();
+
+        // Assert
+        Assert.Equal("explicit-salt-value", resultUser.MasterPasswordSalt);
     }
 
     [Fact]

@@ -139,6 +139,48 @@ public async Task SetInitialMasterPassword_InvalidSalt_ThrowsBadRequestException
         Assert.Equal("Invalid master password salt.", exception.Message);
     }
 
+    [Theory]
+    [BitAutoData]
+    public async Task SetInitialMasterPassword_NullSalt_UsesEmailFallback(
+        SutProvider<SetInitialMasterPasswordCommand> sutProvider,
+        User user, UserAccountKeysData accountKeys, KdfSettings kdfSettings,
+        Organization org, OrganizationUser orgUser, string serverSideHash, string masterPasswordHint)
+    {
+        // Arrange
+        user.Key = null;
+        user.MasterPasswordSalt = null;
+        var expectedSalt = user.Email.ToLowerInvariant().Trim();
+        var model = CreateValidModel(user, accountKeys, kdfSettings, org.Identifier, masterPasswordHint);
+
+        // Verify the model uses the email-derived salt
+        Assert.Equal(expectedSalt, model.MasterPasswordUnlock.Salt);
+        Assert.Equal(expectedSalt, model.MasterPasswordAuthentication.Salt);
+
+        sutProvider.GetDependency<IOrganizationRepository>()
+            .GetByIdentifierAsync(org.Identifier)
+            .Returns(org);
+
+        sutProvider.GetDependency<IOrganizationUserRepository>()
+            .GetByOrganizationAsync(org.Id, user.Id)
+            .Returns(orgUser);
+
+        sutProvider.GetDependency<IPasswordHasher<User>>()
+            .HashPassword(user, model.MasterPasswordAuthentication.MasterPasswordAuthenticationHash)
+            .Returns(serverSideHash);
+
+        UpdateUserData mockUpdateUserData = (connection, transaction) => Task.CompletedTask;
+        sutProvider.GetDependency<IUserRepository>()
+            .SetMasterPassword(user.Id, model.MasterPasswordUnlock, serverSideHash, model.MasterPasswordHint)
+            .Returns(mockUpdateUserData);
+
+        // Act — should not throw since email fallback provides a valid salt
+        await sutProvider.Sut.SetInitialMasterPasswordAsync(user, model);
+
+        // Assert
+        await sutProvider.GetDependency<IEventService>().Received(1)
+            .LogUserEventAsync(user.Id, EventType.User_ChangedPassword);
+    }
+
     [Theory]
     [BitAutoData]
     public async Task SetInitialMasterPassword_InvalidOrgSsoIdentifier_ThrowsBadRequestException(

@@ -65,6 +65,50 @@ await sutProvider.GetDependency<IEventService>().Received(1)
             .LogUserEventAsync(user.Id, EventType.User_ChangedPassword);
     }
 
+    [Theory]
+    [BitAutoData]
+    public async Task OnboardMasterPassword_NullSalt_UsesEmailFallback(
+        SutProvider<TdeSetPasswordCommand> sutProvider,
+        User user, KdfSettings kdfSettings,
+        Organization org, OrganizationUser orgUser, string serverSideHash, string masterPasswordHint)
+    {
+        // Arrange
+        user.Key = null;
+        user.PublicKey = "public-key";
+        user.PrivateKey = "private-key";
+        user.MasterPasswordSalt = null;
+        var expectedSalt = user.Email.ToLowerInvariant().Trim();
+        var model = CreateValidModel(user, kdfSettings, org.Identifier, masterPasswordHint);
+
+        // Verify the model uses the email-derived salt
+        Assert.Equal(expectedSalt, model.MasterPasswordUnlock.Salt);
+        Assert.Equal(expectedSalt, model.MasterPasswordAuthentication.Salt);
+
+        sutProvider.GetDependency<IOrganizationRepository>()
+            .GetByIdentifierAsync(org.Identifier)
+            .Returns(org);
+
+        sutProvider.GetDependency<IOrganizationUserRepository>()
+            .GetByOrganizationAsync(org.Id, user.Id)
+            .Returns(orgUser);
+
+        sutProvider.GetDependency<IPasswordHasher<User>>()
+            .HashPassword(user, model.MasterPasswordAuthentication.MasterPasswordAuthenticationHash)
+            .Returns(serverSideHash);
+
+        UpdateUserData mockUpdateUserData = (connection, transaction) => Task.CompletedTask;
+        sutProvider.GetDependency<IUserRepository>()
+            .SetMasterPassword(user.Id, model.MasterPasswordUnlock, serverSideHash, model.MasterPasswordHint)
+            .Returns(mockUpdateUserData);
+
+        // Act — should not throw since email fallback provides a valid salt
+        await sutProvider.Sut.SetMasterPasswordAsync(user, model);
+
+        // Assert
+        await sutProvider.GetDependency<IEventService>().Received(1)
+            .LogUserEventAsync(user.Id, EventType.User_ChangedPassword);
+    }
+
     [Theory]
     [BitAutoData]
     public async Task OnboardMasterPassword_UserAlreadyHasPassword_ThrowsBadRequestException(

@@ -600,7 +600,9 @@ private static void SetTestKdfAndSaltForUserAndModel(User user, RotateUserAccoun
         model.MasterPasswordUnlockData.KdfIterations = 3;
         model.MasterPasswordUnlockData.KdfMemory = 64;
         model.MasterPasswordUnlockData.KdfParallelism = 4;
-        // The email is the salt for the KDF and is validated currently.
+        model.MasterPasswordUnlockData.MasterPasswordSalt = user.GetMasterPasswordSalt();
+        // The email used to be the salt for the KDF and is validated currently.
+        // TODO: This can be removed once the email is no longer used as part of the KDF salt and validation is updated to reflect that.
         user.Email = model.MasterPasswordUnlockData.Email;
     }
 

diff --git a/test/Identity.Test/IdentityServer/UserDecryptionOptionsBuilderTests.cs b/test/Identity.Test/IdentityServer/UserDecryptionOptionsBuilderTests.cs
@@ -335,6 +335,7 @@ public async Task Build_WhenUserHasNoMasterPassword_ShouldReturnNoMasterPassword
     public async Task Build_WhenUserHasMasterPassword_ShouldReturnMasterPasswordUnlock(User user)
     {
         user.Email = "test@example.COM";
+        user.MasterPasswordSalt = null;
 
         var result = await _builder.ForUser(user).BuildAsync();
 
@@ -344,7 +345,19 @@ public async Task Build_WhenUserHasMasterPassword_ShouldReturnMasterPasswordUnlo
         Assert.Equal(user.KdfIterations, result.MasterPasswordUnlock.Kdf.Iterations);
         Assert.Equal(user.KdfMemory, result.MasterPasswordUnlock.Kdf.Memory);
         Assert.Equal(user.KdfParallelism, result.MasterPasswordUnlock.Kdf.Parallelism);
-        Assert.Equal("test@example.com", result.MasterPasswordUnlock.Salt);
+        Assert.Equal(user.GetMasterPasswordSalt(), result.MasterPasswordUnlock.Salt);
         Assert.Equal(user.Key, result.MasterPasswordUnlock.MasterKeyEncryptedUserKey);
     }
+
+    [Theory, BitAutoData]
+    public async Task Build_WhenUserHasExplicitSalt_ShouldReturnExplicitSalt(User user)
+    {
+        user.MasterPasswordSalt = "explicit-salt-value";
+
+        var result = await _builder.ForUser(user).BuildAsync();
+
+        Assert.True(result.HasMasterPassword);
+        Assert.NotNull(result.MasterPasswordUnlock);
+        Assert.Equal("explicit-salt-value", result.MasterPasswordUnlock.Salt);
+    }
 }