Does Bitwarden use the Secure Remote Password (SRP) protocol?

The 1Password website claims that Bitwarden does not use the Secure Remote Password (SRP) protocol. If this is true, then it’s a potential security vulnerability in Bitwarden.

Can anyone confirm if this is true?

For relevance, the related 1Password blog on the topic, as well as their public GitHub repo for the implementation of SRP.

Working my way through this one now.

@cksapp See also Appendix B in the 1Password Security Whitepaper.

Neither the blog nor the screenshot above makes a case for why this extra “layer” is needed (i.e., what would be a hypothetical attack scenario in which the SRP protocol would make a difference?).

In addition, this article (which also contains some history of SRP and a detailed explanation of the protocol) concludes with a section titled Should I use SRP today? which does not exactly endorse SRP (e.g., it quotes the following excerpt from an article by Matthew Green: “In summary, SRP is just weird. It was created in 1998 and bears all the marks of a protocol invented in the prehistoric days of crypto. It’s been repeatedly broken in various ways, though the most recent [v6] revision doesn’t seem obviously busted — as long as you implement it carefully and use the right parameters. It has no security proof worth a damn…”).

Edit: On further research, SRP is a type of Password-Authenticated Key Exchange (PAKE), and as explained in this article on OPAQUE (a PAKE protocol that is superior to SRP), PAKEs are designed for the use-case in which servers handle passwords in cleartext. Thus, this approach does not seem to be applicable to a zero-knowledge login process such as that used by Bitwarden.

For 1Password to tout SRP as a differentiator over other password managers has the hallmarks of a marketing strategy rather than a real security benefit.