this post was submitted on 10 Feb 2024
3 points (71.4% liked)

Bitwarden

772 readers
1 users here now

Discuss the Paswordmanager Bitwarden.

founded 1 year ago
MODERATORS
[email protected]
3
Bitwarden master password and public server auth (lemmy.ca)
submitted 9 months ago* (last edited 9 months ago) by [email protected] to c/[email protected]
5 comments fedilink hide all child comments
 

I have what may be a stupid question...

How is it your master password is both used to decrypt your vault and used to authenticate with bitwardens public servers to acquire a copy of your vault/view it in the web app, but bitwarden can't use that password entry to decrypt the vault themselves?

(please correct me if I'm misunderstanding, as I use self-hosted vaultwarden for my server instead of the public ones)

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 2 points 9 months ago

I see. Well, that’s a valid concern, I guess. That’s similar to how WhatsApp is end-to-end encrypted, but they might as well be sending your private key somewhere, or your locally decrypted messages. In the end it’s to a certain extent based on trust, unless you can and are willing to control and/or audit the critical parts.