Proposal: Modernizing Encryption & AI-Driven Security Features

Feature Requests Password Manager
, ,
1

Hello everyone,

I’d like to suggest a few focused improvements to further develop Bitwarden and make it more future-proof:

  1. AES-256-GCM instead of AES-CBC
    → GCM provides integrated integrity and authenticity protection (AEAD) and is the standard in modern cryptosystems (e.g., TLS 1.3).
  2. Argon2id as the default key derivation
    → More secure and resistant to hardware attacks compared to PBKDF2.
  3. Support for Hardware Security Modules
    → Integration of Secure Enclave, TPM, and FIDO2 for enhanced device security.
  4. Post-Quantum Preparation
    → Evaluate the architecture to support hybrid or PQC-based algorithms in the future.
  5. AI as a security booster
    → Use AI for intelligent password evaluation, anomaly detection, and security coaching – not for cryptographic functions themselves.

These changes could bring Bitwarden up to date with modern security practices without compromising transparency or zero-knowledge principles.

Best regards,

3

Thanks for your ideas, but I closed this Feature Request (FR), as it contains multiple requests at once. Only separate requests for (more or less) one specific thing do make sense for FRs. (otherwise, it wouldn’t be possible to “allot” votes to one request)

Please search the forum - some requests might already exist, then add your voice and vote to that - and if you open a new FR, then for one specific thing.

4

Hello everyone,

I’d like to suggest a few focused improvements to further develop Bitwarden and make it more future-proof:

  1. AES-256-GCM instead of AES-CBC
    → GCM provides integrated integrity and authenticity protection (AEAD) and is the standard in modern cryptosystems (e.g., TLS 1.3).
  2. Argon2id as the default key derivation
    → More secure and resistant to hardware attacks compared to PBKDF2.
  3. Support for Hardware Security Modules
    → Integration of Secure Enclave, TPM, and FIDO2 for enhanced device security.
  4. Post-Quantum Preparation
    → Evaluate the architecture to support hybrid or PQC-based algorithms in the future.
  5. AI as a security booster
    → Use AI for intelligent password evaluation, anomaly detection, and security coaching – not for cryptographic functions themselves.

These changes could bring Bitwarden up to date with modern security practices without compromising transparency or zero-knowledge principles.

Best regards,
Feldi

5

Your suggestions, while they might have merit as a separate feature request, really are not focused on "Encrypt Bitwarden vault with Master Password/PIN + security key ", so they do not belong on that request.

As @Nail1684 stated, please limit any feature request to one topic. That includes both creating requests and keeping the discussion somewhat on topic.

Regarding #1 and #4, you might check out Quantum Resistant Encryption and maybe throw a vote or comment it’s way.

Regarding #3, you might check out
Sign into Bitwarden with a passkey / "Login with passkeys" and consider voting for it or adding a comment to it that furthers the discussion.

And, for #5, take a look at Making Password Management Truly Intelligent (using AI and automation features)