Hello everyone,
I’d like to suggest a few focused improvements to further develop Bitwarden and make it more future-proof:
- AES-256-GCM instead of AES-CBC
→ GCM provides integrated integrity and authenticity protection (AEAD) and is the standard in modern cryptosystems (e.g., TLS 1.3).
- Argon2id as the default key derivation
→ More secure and resistant to hardware attacks compared to PBKDF2.
- Support for Hardware Security Modules
→ Integration of Secure Enclave, TPM, and FIDO2 for enhanced device security.
- Post-Quantum Preparation
→ Evaluate the architecture to support hybrid or PQC-based algorithms in the future.
- AI as a security booster
→ Use AI for intelligent password evaluation, anomaly detection, and security coaching – not for cryptographic functions themselves.
These changes could bring Bitwarden up to date with modern security practices without compromising transparency or zero-knowledge principles.
Best regards,
Feldi
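
An added illustration of the AEAD point in the first suggestion above (not part of the original post and not Bitwarden code): the same single-bit modification is silently accepted by bare AES-256-CBC and rejected by AES-256-GCM. It assumes CBC with no separate MAC, which the post does not specify; the key, the record, the `record-id` context string and all function names are constructed for the example.

```javascript
// Added example: constructed key and record; helper names are hypothetical.
const crypto = require('crypto');

const key = crypto.randomBytes(32); // constructed 256-bit key
const record = Buffer.from('constructed sample vault record, 3 AES blocks');

// Bare AES-256-CBC (assumption: no MAC): confidentiality only.
function cbcEncrypt(plaintext) {
  const iv = crypto.randomBytes(16);
  const c = crypto.createCipheriv('aes-256-cbc', key, iv);
  return { iv, ct: Buffer.concat([c.update(plaintext), c.final()]) };
}
function cbcDecrypt({ iv, ct }) {
  const d = crypto.createDecipheriv('aes-256-cbc', key, iv);
  return Buffer.concat([d.update(ct), d.final()]);
}

// AES-256-GCM: the tag covers the ciphertext and the associated data (AAD).
function gcmEncrypt(plaintext, aad) {
  const iv = crypto.randomBytes(12); // 96-bit nonce, must be unique per key
  const c = crypto.createCipheriv('aes-256-gcm', key, iv);
  c.setAAD(aad);
  const ct = Buffer.concat([c.update(plaintext), c.final()]);
  return { iv, ct, tag: c.getAuthTag() };
}
function gcmDecrypt({ iv, ct, tag }, aad) {
  const d = crypto.createDecipheriv('aes-256-gcm', key, iv);
  d.setAAD(aad);
  d.setAuthTag(tag);
  return Buffer.concat([d.update(ct), d.final()]); // final() throws on mismatch
}

// Model corruption or tampering at rest: copy the buffer with one bit flipped.
function flipBit(buf, i) { const out = Buffer.from(buf); out[i] ^= 0x01; return out; }

function cbcAcceptsModifiedData() {
  const box = cbcEncrypt(record);
  const out = cbcDecrypt({ iv: flipBit(box.iv, 8), ct: box.ct });
  return !out.equals(record); // decrypts without error, content differs
}
function gcmRejectsModifiedData() {
  const aad = Buffer.from('record-id:1');
  const box = gcmEncrypt(record, aad);
  try { gcmDecrypt({ ...box, ct: flipBit(box.ct, 8) }, aad); return false; } catch { return true; }
}
function gcmRejectsWrongContext() {
  const box = gcmEncrypt(record, Buffer.from('record-id:1'));
  try { gcmDecrypt(box, Buffer.from('record-id:2')); return false; } catch { return true; }
}
```
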