Does the new “Send” feature also have Zero-Knowledge? Meaning, the service has no real or potential access to secrets as they are send between users?
Yes! The send links are stored only in your profile/vault (though they’re not listed like other items, of course) - so Bitwarden cannot see them, only you and those you share the link with will have it.
1 Like
I’m not concerned with the Send links as I am with the potential compromise of the service itself. Would someone with access to the hosting service be able to access the secrets? Other secure send functions I’ve looked at this is a problem. You are assuming the hosted service has not been compromised as the key itself is created and/or stored server side.
I am hoping in the event that you add a password to the Send message the service has no access, real or theoretical.
And that adding a password would also encrypt any attachments.
The remaining issue to a secure send that after the info has been permanently deleted that it is non-recoverable on the service. This has also been a weak point. Has a secure delete function been run against the offending data?
Thanks
The links actually contain the keys to decrypt the data, which allows you to access the data without a Bitwarden account.
The Send data on the Bitwarden side is encrypted in the same fashion as passwords and attachments in your Vault.