submitted 7 months ago* (last edited 7 months ago) by Darkassassin07@lemmy.ca to c/bitwarden@discuss.tchncs.de

I have what may be a stupid question...

How is it that your master password is both used to decrypt your vault and used to authenticate with Bitwarden's public servers to acquire a copy of your vault/view it in the web app, but Bitwarden can't use that password entry to decrypt the vault themselves?

(Please correct me if I'm misunderstanding, as I use self-hosted Vaultwarden for my server instead of the public ones.)

oktoberpaard@feddit.nl 2 points 7 months ago

I see. Well, that’s a valid concern, I guess. That’s similar to how WhatsApp is end-to-end encrypted, but they might as well be sending your private key somewhere, or your locally decrypted messages. In the end it’s to a certain extent based on trust, unless you can and are willing to control and/or audit the critical parts.

this post was submitted on 10 Feb 2024