Bitwarden online password manager - zero-knowledge?

I can understand how zero-knowledge encryption can be made to work with password-manager apps that are installed on local, personal devices such as computers, phones etc… Clearly data can be encrypted/decrypted exclusively locally while only encrypted data ever resides outside of those devices e.g. in the cloud.

However, I cannot understand how it is possible for zero-knowledge encryption to work on a hosted cloud platform, such as bitwarden’s online password-manager.

Is anyone able to briefly explain how it can be possible for the Bitwarden web server to present a user with their unencrypted data (e.g. passwords) without that web server necessarily having access to the decryption material required to decrypt and present the plaintext data?

For example, I can log in to my Bitwarden online web vault and browse the passwords of my managed logins (in plaintext). It seems to me that this should be impossible, unless Bitwarden's web server has access to my Bitwarden master password, which would, by definition, violate the principle of zero-knowledge.

I accept that this may be a question about web-server security in general, rather than Bitwarden per se, but it is fundamental to Bitwarden's claim to be zero-knowledge.

I would be very grateful if anyone can offer any clarity.

They download javascript to your browser that does the decryption and all the UI work. Effectively, vault.bitwarden.com is little more than a file server.


Thanks, that makes sense, and it certainly explains, in general, how client-side JavaScript could be used to allow plaintext content to be served to a client while preserving zero-knowledge.

In the specific case of Bitwarden's online vault, do you know where in the open-source code this is actually implemented or called: Bitwarden · GitHub?

Not the expert in their source, but here is my best guess:

I couldn’t find it.

Is there anyone in this community, or from Bitwarden, who can identify the location of the source code that preserves zero-knowledge of the user's master password while allowing the Bitwarden web server to serve plaintext content (including passwords) to the user's browser?

There is no one place in the code where something like that happens.

Have you looked in the folder below? That seems to be where some of the key vault data are rendered in your browser.

 

But if you don’t trust what Bitwarden claims in their Security Whitepaper, then perhaps you should not be trusting Bitwarden with all of your passwords. If they are lying about zero-knowledge encryption in the Whitepaper, then how can you be sure that the Bitwarden apps and Web Vault Javascript code actually correspond to the code published in their GitHub repo?


Edited to Add:

If you are concerned that Bitwarden is transmitting unencrypted data over the internet, you can do this simple experiment:

  • Log in to your Web Vault.
  • Lock the vault (but do not close the browser tab). If you believe the whitepaper, locking your vault erases all unencrypted vault contents from your device.
  • Now disconnect your device from the internet (e.g., put the device in Airplane mode).
  • Unlock the Web Vault in the open browser tab.
  • Browse your vault contents.

Does this allay your fears?


Thanks for the more specific pointer into the source code. I'll check that out.

Regarding your comment "if you don't trust Bitwarden, then perhaps you should not be trusting Bitwarden with all of your passwords", please bear in mind a couple of points. Firstly, there is a difference between blind trust and verification. In my case verification may involve a little learning about client-side JavaScript, plus any helpful pointers (such as yours) to any relevant sections of source code. Secondly, Bitwarden's password manager can be evaluated, initially, with a few low-risk or dummy logins. This way the full range of features can be explored, not just the data security claims, and all before making any leap of faith.

You ask "how can you be sure that the Bitwarden apps or client-side JavaScript actually correspond to GitHub?". Good question. I would hope, like most apps, that any Bitwarden GitHub downloads would come with a verifiable checksum or signature that can be compared directly with the corresponding APKs that one can source directly from the Play Store, F-Droid, Aurora etc. If this turns out not to be the case, then Bitwarden's open-source offering on GitHub would be of limited use for its main intended purpose: advertising and demonstrating transparency between marketing claims and the actual code that runs in the apps. Another more arduous but also more fun, informative and hands-on way to compare GitHub vs actual code would be with a computer browser and (very) liberal use of F12 to inspect the actual client-side JavaScript code.

I’m not entirely sure what the suggested experiment really proves but perhaps I’ll try it out later.

Well, you seem to have some paranoia about Bitwarden’s Web Vault not being truly Zero-Knowledge:

The hypothetical scenario that you have posited above would require your web browser to send the master password to Bitwarden’s cloud servers, which would then decrypt your vault data (e.g., a stored password) and send the decrypted password to your browser.

Please explain to me how this would be possible if there is no internet traffic between your browser and Bitwarden’s cloud servers.

It's not paranoid to ask questions or to seek independent verification of claims.

It has already been acknowledged in this thread that the apparent violation of zero-knowledge demonstrated in the scenario described in the original post could indeed be resolved with the use of e.g. client-side JavaScript.

Hopefully this obviates the need for any further discussion or experiments to prove or disprove the validity of that particular scenario.

However, it must also be accepted that client-side JavaScript could equally be used to do any number of potentially harmful things. This is exactly how password phishing scams work.

It's important at this point to clarify that this is posited as an unverified possibility and not as a statement of fact.

The next step in independent verification would then be to locate and study any such client-side code to satisfy oneself that it is indeed zero-knowledge (hence the previous questions about the location of this code),

and of course to verify that the code used by the apps and web vault is indeed the same as the open-source code advertised on GitHub (hence the previous discussion about checksums).

This is routinely done.

If you wish to see the code running in your browser (as opposed to the GitHub repository), your best friend is likely DevTools, built into Chrome.


I still fail to see how JavaScript can steal any information (by phishing or otherwise) without an internet connection for phoning home to the mothership.

Go for it, then…


Under the specific conditions of your test, which precludes an internet connection, then, agreed, no data can be transmitted.

However, the rest of the time, under normal circumstances, there will be an internet connection, which does permit the possibility for data to be transmitted.

Thanks, and yes, if possible I'm keen to verify the claim of zero-knowledge for myself, by examination of the code, rather than taking it on trust from Bitwarden, auditors or any other party.

Details of the audit are still very useful and interesting though, so thanks for the link.