this post was submitted on 10 Feb 2024
Bitwarden
I have what may be a stupid question...

How is it your master password is both used to decrypt your vault and used to authenticate with Bitwarden's public servers to acquire a copy of your vault/view it in the web app, but Bitwarden can't use that password entry to decrypt the vault themselves?

(please correct me if I'm misunderstanding, as I use self-hosted Vaultwarden for my server instead of the public ones)

[–] [email protected] 0 points 8 months ago* (last edited 8 months ago)

The Bitwarden servers do not store your password in plain text, but rather as a hash. The hashing algorithm they use hashes the password and outputs a digest. Hashing algorithms are by design not reversible and no hashing algorithm outputs the same hash (at least the audited ones). This can be used to check if the password is indeed the correct password without knowing the password itself. Upon authenticating, the server sends you the encrypted vault and the encrypted vault is decrypted using the same password locally on your computer. So nothing is sent or received in plain text.
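A constructed sketch of the split the comment describes, added here as an example and not Bitwarden's own code: one slow derivation on the client yields the vault key, a further one-way step yields the login credential, and the server stores only a salted hash of that credential. The iteration counts, the use of the e-mail address as salt, and the HMAC-based stand-in cipher are assumptions made for the demo.

```python
import hashlib
import hmac
import os

# Constructed, simplified illustration; not Bitwarden's implementation.
# Iteration counts and the e-mail-as-salt choice are assumptions for the demo.
KDF_ITERATIONS = 100_000

def derive_master_key(password: str, email: str) -> bytes:
    """Slow derivation done only on the client; this key never leaves the device."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), email.lower().encode(), KDF_ITERATIONS)

def derive_auth_hash(master_key: bytes, password: str) -> bytes:
    """Login credential: one more one-way step on top of the master key."""
    return hashlib.pbkdf2_hmac("sha256", master_key, password.encode(), 1)

def server_enroll(auth_hash: bytes) -> dict:
    """The server stores a salted hash of the auth hash, never the auth hash itself."""
    salt = os.urandom(16)
    return {"salt": salt, "digest": hashlib.pbkdf2_hmac("sha256", auth_hash, salt, 100_000)}

def server_verify(record: dict, auth_hash: bytes) -> bool:
    """Constant-time check that the presented auth hash matches the stored digest."""
    candidate = hashlib.pbkdf2_hmac("sha256", auth_hash, record["salt"], 100_000)
    return hmac.compare_digest(candidate, record["digest"])

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC counter-mode keystream: a stdlib stand-in for a real cipher such as AES."""
    out = b""
    for counter in range(-(-length // 32)):
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), "sha256").digest()
    return out[:length]

def encrypt_vault(master_key: bytes, plaintext: bytes) -> bytes:
    """nonce || ciphertext || tag, all computed locally before the vault is uploaded."""
    nonce = os.urandom(16)
    ciphertext = bytes(a ^ b for a, b in zip(plaintext, _keystream(master_key, nonce, len(plaintext))))
    tag = hmac.new(master_key, nonce + ciphertext, "sha256").digest()
    return nonce + ciphertext + tag

def decrypt_vault(master_key: bytes, blob: bytes) -> bytes:
    """Verify the tag first, then strip the keystream; a wrong key raises ValueError."""
    nonce, ciphertext, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(hmac.new(master_key, nonce + ciphertext, "sha256").digest(), tag):
        raise ValueError("wrong key or tampered vault")
    return bytes(a ^ b for a, b in zip(ciphertext, _keystream(master_key, nonce, len(ciphertext))))
```

Everything the server holds (the salt and the digest) is downstream of two one-way steps from the master key, so it can check a login but cannot open the vault blob.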