My understanding is that while the vault might be synced using a server, this is always done with an encrypted vault; that the vault is only ever decrypted locally, on a given device.
Is that incorrect?
If so, why is it necessary to specify the master password when creating the account on bitwarden.com?
I optimistically assume that the master password is hashed in the browser, and only a checksum or similar leaves the browser, but it still feels very odd.
Can a kind person explain this to me (and ideally reassure me)?
In addition to @bw-admin 's detailed article I’ll try to break down the question in a somewhat less technical manner.
If so, why is it necessary to specify the master password when creating the account on
The master password is used not only to encrypt your vault, but also to prove to the server that you are the owner of the account you are logging into. This proof is required for the server to give you the (encrypted) vault. Thus, no-one without your password can download your encrypted vault.
And yes, the proof is basically your password run through your account’s key-derivation-function (pbkdf2 / argon2). The result is then run through another key-derivation-function so that the proof sent to the server cannot be used to derive the encryption key of your vault. Thus, the server cannot use the proof in order to infer your master password, or your encryption key(s).
To add on to @Quexten’s excellent explanation, the doubly hashed version of master password that is stored on Bitwarden’s servers for authentication purposes is actually encrypted before it is saved in the cloud database, making it completely useless to anybody who gets access to said database.