[SOLVED] Is Bitwarden truly zero-knowledge?

Hello all, new bitwarden user here, so please go easy on me for the dumb questions I am about to ask.

Bitwarden says it has zero knowledge of my passwords, that they are encrypted before leaving my computer. My question is: during the process of importing my passwords to bitwarden, aren’t the passwords uploaded in plaintext into bitwarden?

In my case I’m coming from KeePass 1.x. First I had to use KeePass 2.x to import the KeePass 1.x database, then export to xml format. Then I imported this xml file to my bitwarden account that I just setup at bitwarden.com. I don’t know anything about xml, so correct me if I’m wrong, but this xml file is not encrypted, essentially plaintext, right?

So during the initial setup of bitwarden, while importing my passwords, bitwarden can see all my passwords in plaintext, unencrypted.

I must be missing something. Unless the xml file exported from KeePass 2.x is encrypted, it appears bitwarden has *full knowledge*, not zero-knowledge of my passwords.

I’d appreciate it if someone can explain to me how the import process is truly zero-knowledge.

That’s a great question!

The short answer is that the web page where you upload your data is actually a fully-fledged application that is zero-knowledge.

There’s another thread that answers this a little here:

:sunglasses:


Thank you, Trey, for the quick response! You put my mind at ease :blush: