Take a look at the storage section, it specifically state that local storage is encrypted.
I am no security person, but I know enough to know that you need to have encryption at rest and encryption in transit. Say you are transferring encrypted data, first it needs to be stored in an encrypted format since it would be fairly easy to break. Secondly, the data transfer over the network need to be encrypted too or you can just plug in a network packet analyzer and read off the data. The only logical place to encrypt your data is on the device. The data on the Bitwarden server is essentially the same data as what you locally encrypted and then sent out.
Yes, you have to decrypt the data at some point and it’s possible to read off that data if you know how to look but it would be like finding a needle in the hay stack. Think of an entry as a person in a stadium full of people. You can see everyone, but If you don’t know what the person look like, how would you look for this person?
Thanks for reminding me – this is partly what I mean by wishing they would provide a summary or a table that places all of the information in one location!
In response, I have revised my previous post to strike out some of the statements.
This sounds like reliance on security by obscurity, which is generally frowned upon…
In the article you list for last pass, it list a particular vulnerability of Last Pass. I haven’t looked at that part of the code, but that vulnerability is specific to last pass. I rather doubt Bitwarden would not not encrypt URL for some reason.
Exposing info due to decryption is not is not security by obscurity, but a limitation of computing. A password manager must keep its data encrypted. Even if you get access to the memory, you will just get encrypted gibberish. However, if a password is to be filled, the data must be decrypted, at which point it will become visible. There is no way around it. You have to minimize the amount of data and the time it is decrypted.
Still, this does not mean someone can easily spy on you. Modern computer and phone has memory protection, which prevents non-system program from accessing other program. Malware will have to elevate themselves to system access, which is no easy feat because the OS guards against that and any exploit will get caught and be removed by the next OS update.
By keeping the vault encrypted and only decrypt as needed, you restrict what can leak out. There is no way to make a completely secure system that is still usable.
Replying to myself (for the benefit of other readers and for my own future reference):
I found this very helpful interactive tool that demonstrates the different aspects of Bitwarden’s cryptography algorithms – I just wish it was annotated:
Why TPM/Windows Hello couldn’t be used for this? A user would enter their PIN to retrieve the master password from the TPM, and TPM has a brute force rate limit.
The common complaint in this thread and others is that BW doesn’t explicitly document how it protects the keys/secrets on each platform. You want to know explicitly? The answer is, look in the code.
AFAIK, BW doesn’t ensure that any secret is TPM protected, but it does use Rust library code that stores secrets into the Windows keystore. The code in question supposedly stores the secrets in TPM when the conditions (unknown) are right, although BW doesn’t ensure it by calling another function to see if the secret is protected by TPM or not. I suppose the only way to know is to build a local copy of BW, stick in the said function, and observe the output of the function.
Currently, assuming no malware on your system, even without TPM protection, the user is limited to try the PINs just 5 times. After that, BW requires entering the master password.
The rust library for windows’ secret store is used for biometric unlock, to store the biometric-protected symmetric key. Other than that, it is not used.
Currently, assuming no malware on your system, even without TPM protection, the user is limited to try the PINs just 5 times. After that, BW requires entering the master password.
Just beware that this “assuming no malware” means that it is a UI only feature. A malware or otherwise malicious user with technical know-how can circumvent this limit.