hello, I would like to know more about the security of this algorithm.
I’ve read about how the algorithm works and wanted to understand how secure it is.
I’m not an expert and ignore many things, but the questions are the classic ones, like:
-
how much is it more or less secure than entering the master password manually?
-
“(a) Auth-request public and private keys”: how robust are these encryption/decryption keys and the data it encrypts? how many bits? 256? 2048? What is the algorithm that implements them?
-
is it possible that the data transmitted between “initiating client” and “Registered devices” (and/or Bitwarden database?) is intercepted? what if they were?
-
what happens if hackers access the Bitwarden database? what could they do? e.g., if they change the “device-specific GUID” and add their devices?? (I think it doesn’t help them, because first they should login with email/password).
-
generic: this algorithm could it be cracked somehow or are there any security compromises I’m missing?