I am considering my security key an extremely secure login method as second factor. But still I am concerned about the fact that the protection of the whole vault is only relying on my master password from a cryptographic perspective. As far as I understand the encryption of my vault is 100% derived from the master password without any salt that comes from something offline - or to say it differently - from something that cannot be keylogged!
And this is exactly what I am concerned about because I consider keyloggers/trojans the most likely and most striking attack vector (more likely than the famous $5 wrench attack known from bitcoin): I see especially my wife and kids exposed to this risk and I consider it some sort of my admin-responsibility to protect the whole family within my bitwarden family account model and to offer a solution, which also protects from keyloggers and trojans…
What I actually want is:
A method - maybe with the help of some offline device - which is part of the encryption/decryption process and not only needed to confirm an active login to the vault…
The important aspects are:
there needs to be either some second factor as part of the encryption/decryption mechanism (which does not need to be typed into the keyboard on the computer and therefore will never ever be exposed to a trojan/keylogger) or there must be an offline device involved (e.g. like ledger nano or yubikey), which is able to do some cryptographic magic on the device that relies on some trusted module/chip from the device and will only return the correct hash/key if using exactly this device.
a possible attacker should not be able to decrypt my vault if he successfully keylogged my master password (independent from how he gets a copy of my vault… maybe from the bitwarden server, maybe silently downloaded from my computer). My second factor offline device must be needed for decryption of the vault and not only for logging in.
Is there a known solution how this could be established?
I actually thought about the FIDO2 pin (which is currently not needed for bitwarden) as part of the encryption algorithm/method. It will be also typed in on the keyboard of your computer but as far as I know some internal magic occurs inside the device and then the device sends some magic output back to the system, which I hope can only be created on this one physical security key and would result in something different on another security key. Therefore even if the attacker also keylogged the pin, he would not get all of the information he needed to decrypt the vault. Feel free to correct me … Unfortunately I am not an expert on this.
1password security key is not the solution!:
I’ve been following the discussion here: add-optional-secret-key
1password uses this so-called secret key as additional salt and some people think that this is an added security layer, which might fulfill the requirement I described above. I have to admit: it is an added security layer if you consider a great master password to have only 60 bits of entropy, as 1password does. If you have a character set of 90 unique characters (26*2 letters, 10 numbers, 28 special characters) 60 bits of entropy (== 2^60 == 10^18 possibilities) are equal to a password with only 9 digits… I don’t know for which reason 1password considers this a great master password. Possibly because they are mostly dealing with the Apple ecosystem and expect the average user not to accept having to remember or type in anything longer than 9-10 digits.
Your Bitwarden vault is protected by your master password, salt (email address), and iterations. That is then sent to the server where it’s given a random salt and 200k more iterations before being stored for login purposes.
It’s hard to defend against malware, it’s like trying to protect your home from a burglar when the burglar is already in your home. The best advice is to keep your computer up to date and run anti-virus software.
Life is not like the movies, don’t let your paranoia get the best of you.
I believe you already mentioned the solution here - enable 2FA with a physical security key. Even if the attacker has your master password, they can’t access your vault unless they possess your security device. And it can’t be phished either.
I don’t exactly understand. I tried to explicitly point out that the security key will only prevent an attacker from being able to actively log in to the web version of my vault (stored encrypted on a Bitwarden server). So he cannot just go to his computer and use my bitwarden email and the keylogged master key to log in. But he does not need to if he was able to keylog the master key. He just needs to decrypt the local copy of the vault or an encrypted *.json copy of the vault, which I created as backup or similar…
Don’t you consider trojans/keyloggers the most likely attack vector?
Is it so unlikely that a password manager should not offer a solution to protect you from it?
Your Bitwarden vault is protected by your master password, salt (email address), and iterations. That is then sent to the server where it’s given a random salt and 200k more iterations before being stored for login purposes.
Does that have something to do with my question? I mean: Maybe I missed an important point. You seem to understand the technical details:
If someone keylogged my master password (and of course also the mail address, which is used to log in to bitwarden…) and if he got access to my encrypted vault (e.g. via the encrypted *.json file): could he decrypt the vault or not?
What I mean is: As far as I understand it: all the hashing and salting and the large number of iterations will only protect the encrypted form of my password, which is stored on my computer locally and stored on the web vault of bitwarden. But if someone steals the original master password (by keylogging when I log in to bitwarden…) and an encrypted copy of my vault (e.g. from an encrypted *.json file), all those hardware security measures are totally irrelevant. And the hardware security key is also irrelevant because the security key will not be needed to decrypt the database itself. The hardware security key will protect me from being phished by accidentally clicking on a fake bitwarden webpage and logging in there…
The attack vector of being infected with a trojan or a keylogger is relatively huge and totally realistic in my opinion … a lot lot more realistic than someone really trying to brute force the bitwarden webvault…
And I just don’t get why there seems not to be any option to protect against it and why you for example seem not to see any necessity to protect against it…
As far as I understand the encryption of my vault is 100% derived from the master password without any salt that comes from something offline - or to say it differently - from something that cannot be keylogged!
There is a salt, it’s your email address and that with your master password is used to make your master key which is used to encrypt your vault. Server-side Bitwarden goes a step further with another salt and more iterations, but this doesn’t help in a local attack.
You’re correct that 2FA of any kind is pointless in protecting your vault locally. That is why I say in my next section that malware (keyloggers or whatever) is a hard battle to win and the best thing you can do is keep your computer up to date and have AV software.
There does not exist any password manager that can protect you against malware once it’s running on your machine. There is simply nothing that can be done. Even people who manually enter passwords still would be affected as they still need to enter the passwords for things at some point.
Don’t let your paranoia get the better of you. Security is about trade-offs and password reuse is a far bigger threat than someone hacking your password manager. Keep your computer up to date, run AV software and use a password manager and you’ll be doing better than most people.
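The derivation discussed above, as an added example that is not part of the thread and not Bitwarden's code: it contrasts a key derived only from typed inputs (master password with the email as salt) with a hypothetical scheme of the kind the original poster asks for, where an offline device's response is mixed into the key. PBKDF2-HMAC-SHA256, the iteration count, the `SimulatedDevice` class, the key-check value and the sample credentials are all assumptions made for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # constructed value; the thread only says "iterations"

def master_key(password: str, email: str) -> bytes:
    """Key derived from typed inputs only: master password, email as salt."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), email.encode(), ITERATIONS)

class SimulatedDevice:
    """Software stand-in for an offline token whose secret never leaves it."""
    def __init__(self) -> None:
        self._secret = os.urandom(32)

    def respond(self, challenge: bytes) -> bytes:
        return hmac.new(self._secret, challenge, hashlib.sha256).digest()

def device_bound_key(password: str, email: str,
                     device: SimulatedDevice, challenge: bytes) -> bytes:
    """Hypothetical scheme: the device response keys a final HMAC over the master key."""
    return hmac.new(device.respond(challenge), master_key(password, email),
                    hashlib.sha256).digest()

def key_check(key: bytes) -> bytes:
    """Value stored beside the vault that confirms whether a candidate key is right."""
    return hmac.new(key, b"vault-key-check", hashlib.sha256).digest()

def compare_schemes() -> dict:
    # Constructed sample credentials; both are typed, so a keylogger captures them.
    password, email = "correct horse battery staple", "user@example.com"
    owner_device, challenge = SimulatedDevice(), os.urandom(32)

    # What a stolen vault copy carries in each scheme (plus the challenge when bound).
    plain_check = key_check(master_key(password, email))
    bound_check = key_check(device_bound_key(password, email, owner_device, challenge))

    # The attacker replays the logged inputs but holds a different physical device.
    logged_password, logged_email, other_device = password, email, SimulatedDevice()
    attacker_plain = master_key(logged_password, logged_email)
    attacker_bound = device_bound_key(logged_password, logged_email, other_device, challenge)
    owner_bound = device_bound_key(password, email, owner_device, challenge)
    return {
        "password_only_key_recovered": hmac.compare_digest(key_check(attacker_plain), plain_check),
        "device_bound_key_recovered": hmac.compare_digest(key_check(attacker_bound), bound_check),
        "owner_still_unlocks": hmac.compare_digest(key_check(owner_bound), bound_check),
    }

if __name__ == "__main__":
    print(compare_schemes())
```

This only models offline decryption of a stolen vault copy. As the replies point out, malware running on the machine while the vault is unlocked still sees the decrypted contents.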
I am sorry, but I am not following your hypothetical example here. Are you referring to someone who has control over your computer as well as a key logger to steal your password? If that’s the case, then all of this discussion is moot because the attacker will have access to all the secrets stored on your computer and a means to decrypt them.
Otherwise, remember that you must physically possess a security key, like a FIDO2 U2F device. So, if an attacker only has your master password they still must acquire your physical 2FA device to access your vault in the cloud, which is the scenario I was speaking to. Cheers!