Hello. I’m new to Bitwarden. While reading various threads on the forum, I came across a message that when the vault is open on a computer, it also stores a database with data that is decrypted when the vault is opened. If you simply close the vault, the database will remain on the computer. However, if you log out of your account, the repository will be deleted from your computer.
I also saw that the browser extension works a little differently and stores data in the cache or logs? I don’t remember exactly, sorry for the inaccuracy.
The question is this: if I close the browser with the extension, is this data (wherever it is) deleted from the computer? Or is it still there, just as it would be in the closed storage on the desktop version?
Does it pose any danger? Because I’ve heard that in theory, if all the cards are played and someone else gets hold of the database, they can decrypt it.
All client apps (browser extensions, Desktop app, etc.) work on the same design principle. While the app/extension is open and unlocked, the decrypted vault contents are stored in volatile memory. After the app/extension is locked (but open), or if the app or browser is closed, then the decrypted data are purged from the device memory. For as long as the app/extension remains logged in (even if it is locked or closed), a copy of the encrypted vault contents is kept in persistent storage (e.g., saved on the hard drive) of your device; this copy is sometimes called the vault “cache” — every client app instance has its own vault cache, so there can be multiple copies of the cache stored on the same device. When you log out of an app or extension, then the corresponding cache is purged, meaning that it no longer contains any of the encrypted vault data that was previously stored there.
I don’t know where you got that idea, but the whole point of vault encryption is that decryption is not possible unless an attacker knows (or can guess) the master password. As long as your master password is sufficiently strong to be uncrackable, your encrypted vault cache will remain an inscrutable blob of gibberish to anybody who has acquired a copy of it.
That is, there is no big difference in security between a locked vault and a logout system (even if in the first case the encrypted data is stored somewhere in the system) - as long as the attackers do not have/know a specific master password to decrypt this data?
And as long as they are unable to chance upon a correct guess even if their hardware allows automated testing of millions of password guesses every second (which would give them trillions of chances to guess the correct password in a week’s worth of computation).
For this reason, it is essential that your master password has been generated at random from a pool of at least a quadrillion possible options.
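The arithmetic behind the two replies above, as an added example that is not part of the thread and not Bitwarden’s code: it computes the search space of a random-word master password, how many words are needed to clear the "quadrillion possible options" bar, how many guesses an attacker with "millions of guesses per second" gets in a week, and the expected time to exhaust half the pool. The 7776-word list size is an assumption (it is the size of the EFF large wordlist that diceware-style generators commonly use); the guess rates are hypothetical, and in practice the real rate against a captured encrypted vault is further limited by the client’s key-derivation settings, which this thread does not cover.

```python
"""Search-space and guessing-time estimates for a random-word master password.

Added example, not from the original thread or from Bitwarden. Assumptions:
  - the generator picks words uniformly from a 7776-word list (EFF large list);
  - the attacker's guess rates used below are hypothetical figures.
"""

import math

WORDLIST_SIZE = 7776            # assumption: EFF large wordlist size
QUADRILLION = 10 ** 15          # the threshold named in the reply above
SECONDS_PER_WEEK = 7 * 24 * 3600
SECONDS_PER_YEAR = 365.25 * 24 * 3600


def passphrase_pool(words, wordlist_size=WORDLIST_SIZE):
    """Number of equally likely passphrases made of `words` random words."""
    return wordlist_size ** words


def entropy_bits(words, wordlist_size=WORDLIST_SIZE):
    """Entropy in bits: log2 of the pool size."""
    return words * math.log2(wordlist_size)


def words_needed(min_pool=QUADRILLION, wordlist_size=WORDLIST_SIZE):
    """Smallest word count whose pool is at least `min_pool` (exact integer loop,
    so no floating-point rounding at the boundary)."""
    n = 1
    while wordlist_size ** n < min_pool:
        n += 1
    return n


def guesses_in_a_week(guesses_per_second):
    """How many candidates an attacker can test in one week at a given rate."""
    return guesses_per_second * SECONDS_PER_WEEK


def expected_crack_seconds(words, guesses_per_second, wordlist_size=WORDLIST_SIZE):
    """Expected time to hit the right passphrase: on average half the pool is tried."""
    return passphrase_pool(words, wordlist_size) / 2 / guesses_per_second


def expected_crack_years(words, guesses_per_second, wordlist_size=WORDLIST_SIZE):
    return expected_crack_seconds(words, guesses_per_second, wordlist_size) / SECONDS_PER_YEAR


if __name__ == "__main__":
    print(f"words needed to exceed a quadrillion options: {words_needed()}")
    for rate in (10 ** 6, 10 ** 9):            # hypothetical attacker rates
        print(f"\nattacker at {rate:,} guesses/s -> {guesses_in_a_week(rate):,} per week")
        for n in (3, 4, 5, 6):
            print(f"  {n} words: pool {passphrase_pool(n):.3e}, "
                  f"{entropy_bits(n):.1f} bits, "
                  f"expected crack time {expected_crack_years(n, rate):,.1f} years")
```

With these assumptions a 4-word passphrase already has about 3.66e15 options (roughly 51.7 bits), just over the quadrillion threshold, and would take an attacker testing a million guesses per second an expected 58 years; a 6-word passphrase pushes that into the millions of years even at a billion guesses per second.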
And so it is. For my master password, I used the random word generation tool from Bitwarden and made the number of random words more than the standard 4 (if I’m not mistaken) to be sure.
But in general, I think I understand. Thank you for the detailed explanation and your time. Have a great day!