Differences? Logged out vs. Locked w/ PIN vs. Locked w/ Master Password

What are the implementation differences and relative risks of different options to secure your vault?

This is a continuation of my quest [1][2] to get some clarity on Bitwarden app behavior, and to understand the differences between the many possible states that the apps can take on.

  1. What are the consequences of Logging In vs. Out? Is the main effect of logging in (i.e., successfully authenticating) that the encrypted Vault and the ProtectedSymmetricKey are delivered from the Bitwarden servers to the client? And if so, are the Vault and the ProtectedSymmetricKey both always stored on disk/persistent storage, or does the ProtectedSymmetricKey reside only in memory? Finally, when logging out, are the local copy of the encrypted Vault and of the ProtectedSymmetricKey immediately deleted?

  2. What are the consequences of Unlocking vs. Locking? Is the main effect of unlocking that the 512-bit SymmetricKey is determined by decryption of the ProtectedSymmetricKey, and then used to decrypt the Vault (or perhaps only individual Vault items as they are needed)? Presumably, the SymmetricKey and the decrypted Vault are both stored in volatile memory only – correct? So if this is accurate, then what happens when you lock the vault (using the Master Password, no PIN or biometrics)? Is the main result of locking that the decrypted Vault and SymmetricKey are both expunged from memory?

  3. What are the consequences of locking with a PIN? This is the question that I am struggling the most with, as there appears to be very little authoritative information out there. My hypothesis is that locking with a PIN causes the 512-bit SymmetricKey (available in memory while the Vault is unlocked) to be AES-256 encrypted using a “stretched PIN Key” instead of the StretchedMasterKey, where the “stretched PIN Key” is derived using the exact same algorithms used for deriving the StretchedMasterKey, except that the PIN string is used in place of the MasterPassword. If my working hypothesis is correct, then using the option to lock with a PIN, but choosing a PIN that is identical to the Master Password, should result in a new protected symmetric key that is identical to the original ProtectedSymmetricKey (that was derived using the MasterPassword). Is there anybody reading this who can confirm any of the above? I may be wrong about ending up with the same protected symmetric key when locking with PIN=MasterPassword, since there appears to be a random initial value involved in the AES-256 encryption. Basically, the reason I’m asking these questions is to understand whether locking using the Master Password only (no PIN) is as secure as locking with a PIN if the PIN and Master Password are the same (or have the same entropy).

Thank you!
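The hypothesis in question 3, worked through as an added example that is not part of the original post and not Bitwarden's code. It models the scheme the questioner describes: the same stretch (PBKDF2-HMAC-SHA256, then an HKDF-Expand step into a 256-bit encryption key and a 256-bit MAC key) applied to both the Master Password and the PIN, a 64-byte SymmetricKey, and a wrap with a fresh random IV followed by a MAC. The iteration count, the salt, the key layout and the HMAC-SHA256 counter-mode stream cipher standing in for AES-256-CBC (so the example runs on the standard library alone) are all assumptions made for the example.

```python
import hashlib
import hmac
import secrets
from typing import Dict, Optional, Tuple

# Constructed parameters for this example; not Bitwarden's real values or code.
ITERATIONS = 100_000   # PBKDF2-HMAC-SHA256 rounds, kept small so the demo runs quickly
SYM_KEY_LEN = 64       # the 512-bit SymmetricKey being protected
IV_LEN = 16
TAG_LEN = 32


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """RFC 5869 HKDF-Expand with HMAC-SHA256. The extract step is skipped because
    the PBKDF2 output fed in here is already uniformly random."""
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        out += block
        counter += 1
    return out[:length]


def stretch(secret: str, salt: str, iterations: int = ITERATIONS) -> Tuple[bytes, bytes]:
    """Deterministically derive a 256-bit encryption key and a 256-bit MAC key.
    Master Password and PIN both go through this single function; only the input
    string differs, which is exactly the questioner's hypothesis."""
    master = hashlib.pbkdf2_hmac("sha256", secret.encode(), salt.encode(), iterations, dklen=32)
    return hkdf_expand(master, b"enc", 32), hkdf_expand(master, b"mac", 32)


def _keystream(key: bytes, iv: bytes, length: int) -> bytes:
    """HMAC-SHA256 run in counter mode: a toy stand-in for AES-256 so that the
    example needs no third-party crypto package."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, iv + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def protect(sym_key: bytes, enc_key: bytes, mac_key: bytes, iv: Optional[bytes] = None) -> bytes:
    """Wrap the SymmetricKey: fresh random IV, encrypt, then MAC over IV||ciphertext.
    Output layout: IV || ciphertext || tag."""
    iv = secrets.token_bytes(IV_LEN) if iv is None else iv
    ct = bytes(p ^ k for p, k in zip(sym_key, _keystream(enc_key, iv, len(sym_key))))
    tag = hmac.new(mac_key, iv + ct, hashlib.sha256).digest()
    return iv + ct + tag


def unprotect(blob: bytes, enc_key: bytes, mac_key: bytes) -> bytes:
    """Verify the tag first (constant-time compare), then decrypt. A wrong stretched
    key fails here instead of yielding garbage key material."""
    iv, ct, tag = blob[:IV_LEN], blob[IV_LEN:-TAG_LEN], blob[-TAG_LEN:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, iv + ct, hashlib.sha256).digest()):
        raise ValueError("MAC check failed: wrong key or tampered blob")
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, iv, len(ct))))


def compare_locks(master_password: str, pin: str, salt: str) -> Dict[str, bool]:
    """Lock one freshly generated SymmetricKey once under the Master Password and
    once under the PIN, and report what is and is not identical between the two."""
    sym_key = secrets.token_bytes(SYM_KEY_LEN)
    mp_keys = stretch(master_password, salt)
    pin_keys = stretch(pin, salt)
    blob_mp = protect(sym_key, *mp_keys)
    blob_pin = protect(sym_key, *pin_keys)
    fixed_iv = bytes(IV_LEN)  # used only to show the IV is the sole source of difference
    try:
        pin_opens_mp_blob = unprotect(blob_mp, *pin_keys) == sym_key
    except ValueError:
        pin_opens_mp_blob = False
    return {
        "same_stretched_key": mp_keys == pin_keys,
        "same_protected_blob": blob_mp == blob_pin,
        "same_blob_with_fixed_iv": protect(sym_key, *mp_keys, iv=fixed_iv)
                                   == protect(sym_key, *pin_keys, iv=fixed_iv),
        "both_unwrap_to_original_key": unprotect(blob_mp, *mp_keys) == sym_key
                                        and unprotect(blob_pin, *pin_keys) == sym_key,
        "pin_key_opens_password_blob": pin_opens_mp_blob,
    }


if __name__ == "__main__":
    SALT = "user@example.com"  # constructed; a real salt would be per-user
    for label, pin in (("PIN == Master Password", "correct horse battery staple"),
                       ("PIN = 1234", "1234")):
        print(label, compare_locks("correct horse battery staple", pin, SALT))
```

With PIN == Master Password, `same_stretched_key` is true but `same_protected_blob` is false: the random IV alone makes the two protected keys differ byte for byte, and forcing the same IV makes them identical again. Both blobs still unwrap to the same SymmetricKey, and the PIN-derived key opens the password-derived blob, so under this model the two locks are equivalent in strength when the inputs are equal. What the model cannot settle is the open part of the question: which KDF and parameters the real client actually applies on the PIN path, and whether a short PIN gets any protection beyond its own entropy.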