Option to use P2P filesystem instead of server (IPFS)

app:all

#1

IPFS is a distributed, immutable, and P2P filesystem. It also includes a mutable naming system called IPNS. Using IPFS as a backend for vault storage has a few benefits over a server:

  1. P2P: out of human control.
  2. No worry about the central Bitwarden server being attacked and losing your data.
  3. If maintaining your own server, no need to configure, manage, backup, and protect your data manually.

This is a simplified version of how the software would function:

  1. Bitwarden encrypts passwords (vault)
  2. IPFS client adds vault to IPFS
  3. IPFS client sets the new vault hash (the hash that the new vault is at) to the user’s IPNS namespace (/ipfs/)
  4. To sync a client: fetch, decrypt, and merge the vault at the user’s namespace.

It’s a little more complicated than this, but the idea would be to have the option to use IPFS instead of or in combination with a server (for redundancy). I would love to hear more thoughts on this.

Refs:
IPFS whitepaper: https://github.com/ipfs/papers/raw/master/ipfs-cap2pfs/ipfs-p2p-file-system.pdf
IPFS documentation and implementations: https://github.com/ipfs/ipfs


#2

How would you authenticate? How would you protect your encrypted vault from being downloaded by others? (Bitwarden currently protects this with 2FA. Bitwarden servers will never send the encrypted database to you unless you provide a 2FA code)

Your idea sounds like a good thing… for a completely separate new project.

I would love to use it, but it is not a feature Bitwarden could implement without becoming a completely different thing altogether.


#3

I understand what you are saying. Authentication would be you knowing your link, since all the links are hashes of public keys. So you would have to generate a new key-pair and keep your public key secret in order to keep anyone from downloading the database.


#4

There’s 2 problems with using this kind of method that spring to mind.

  1. You can’t rely on “knowing your link” being the authentication method, because a) nodes advertise what data that they have stored and b) requesting a link is not a secure process, you effectively have to advertise that you’re after a particular link
  2. IPFS is a method of distribution rather than storage. You would either need to be hosting the data on an IPFS node that you control, or relying on a third party “pinning” service to hold the data for you. Either way, you’re sacrificing security and not really gaining anything