Something is bothering me with this entry:
If I’m right, it’s like this:
Crypto(masterpass,email) —> bitwarden.com/#vault
Given that, for a targeted attack, an attacker just has to brute-force the masterpass by replaying the crypto function X times, since my email and the crypto function are not secret.
The attacker needs to get the hash, but with a MITM or a server dump it’s still possible, since the hash is sent to the server.
And an offline attack is possible: since the database is sent back in the reply, an attacker (or a hotspot/proxy owner) can retain the hash and the database for an offline hack.
I hope I’m wrong, but I like facts.
Thanks in advance,
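
The derivation the post sketches as Crypto(masterpass,email), as an added example that is not part of the original post and is not Bitwarden's code: it assumes PBKDF2-HMAC-SHA256 with the lowercased email as salt and a second one-round pass to form the value sent at login, and shows how the iteration count and the password's entropy set the cost of each offline guess. The function names, the iteration count and the sample credentials are constructed for illustration.

```python
import base64
import hashlib
import time

# Assumed scheme (not stated in the post): PBKDF2-HMAC-SHA256, email as salt.

def master_key(password: str, email: str, iterations: int) -> bytes:
    """Stretch the master password; the (public) email only acts as a salt."""
    salt = email.strip().lower().encode("utf-8")
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt,
                               iterations, dklen=32)

def login_hash(password: str, email: str, iterations: int) -> str:
    """Value sent to the server at login: one extra round over the master key."""
    key = master_key(password, email, iterations)
    digest = hashlib.pbkdf2_hmac("sha256", key, password.encode("utf-8"), 1, dklen=32)
    return base64.b64encode(digest).decode("ascii")

def seconds_per_guess(iterations: int, samples: int = 3) -> float:
    """Measure what one candidate password costs on this machine."""
    start = time.perf_counter()
    for i in range(samples):
        login_hash(f"constructed-candidate-{i}", "user@example.com", iterations)
    return (time.perf_counter() - start) / samples

def expected_years(entropy_bits: float, guesses_per_second: float) -> float:
    """Expected time to hit the password: half of a 2**entropy_bits keyspace."""
    return 2 ** (entropy_bits - 1) / guesses_per_second / (365.25 * 24 * 3600)

if __name__ == "__main__":
    iterations = 100_000  # assumed work factor, a parameter of this sketch
    cost = seconds_per_guess(iterations)
    print(f"{iterations} iterations: {cost * 1000:.1f} ms per guess on one core")
    for bits in (28, 40, 60, 80):  # constructed password strengths
        print(f"{bits}-bit password: ~{expected_years(bits, 1 / cost):.3g} years")
```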