Hey Bitwarden Community,
I am asking myself how Bitwarden (and maybe other password managers too) offers the ability to recover passwords (on a technical level).
Bitwarden follows the zero-knowledge encryption principle, which means they only store encrypted data and don't know my password. Additionally, most cryptographic algorithms only allow one private key, such as RSA (I am not sure about the protocols used by Bitwarden). I assume they are using my password to calculate a private key, which is also not stored. Regarding those facts, there should be only one possibility to decrypt my data: my password.
How is it possible to recover a password using an authorized phone or a token? Bitwarden shouldn't be able to create such a token/code, because they don't know my password.
I would be really happy if someone could explain it. Technical explanations are welcome!
I am also happy about any suggestions regarding the documentation or source code of Bitwarden.
Thank you very much!
Regards,
NoName
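Worked example, added after the post to illustrate the key-derivation assumption it describes; this is not code from the post and not Bitwarden's implementation. It shows the general key-management pattern (a random vault key that is never derived from the password, wrapped under a password-derived key) and generalizes one step further by wrapping the same vault key under an independent recovery key, which is how a recovery path can exist without the server ever learning the password. All function names, the PBKDF2 iteration count, and the HMAC-based toy authenticated encryption (standing in for a real AEAD such as AES-GCM, so the example needs only the standard library) are assumptions of this example.

```python
import hashlib
import hmac
import os
from typing import Optional

# --- Toy authenticated encryption built from HMAC-SHA256 (assumption of this
# example; a real client would use AES-GCM or similar). Wrong key => None. ---
def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, b"ks" + nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]

def seal(key: bytes, plaintext: bytes) -> bytes:
    nonce = os.urandom(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, b"tag" + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def open_(key: bytes, blob: bytes) -> Optional[bytes]:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, b"tag" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None  # wrong key or tampered data
    return bytes(c ^ k for c, k in zip(ct, _keystream(key, nonce, len(ct))))

# --- Password-derived key-encryption key (KEK). The password itself never
# leaves the client; only the salt is stored server-side. ---
def derive_kek(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def create_account(password: str, vault_plaintext: bytes) -> tuple:
    """Client-side setup. Returns the record the server stores and a recovery
    key that exists only on the client (e.g. shown once or kept on an
    authorized device). The server record contains no password material."""
    salt = os.urandom(16)
    vault_key = os.urandom(32)          # random, NOT derived from the password
    recovery_key = os.urandom(32)       # independent key, never sent to the server
    record = {
        "salt": salt,
        "vault": seal(vault_key, vault_plaintext),
        "wrapped_by_password": seal(derive_kek(password, salt), vault_key),
        "wrapped_by_recovery": seal(recovery_key, vault_key),
    }
    return record, recovery_key

def open_with_password(record: dict, password: str) -> Optional[bytes]:
    vault_key = open_(derive_kek(password, record["salt"]), record["wrapped_by_password"])
    return None if vault_key is None else open_(vault_key, record["vault"])

def open_with_recovery_key(record: dict, recovery_key: bytes) -> Optional[bytes]:
    vault_key = open_(recovery_key, record["wrapped_by_recovery"])
    return None if vault_key is None else open_(vault_key, record["vault"])

def change_password(record: dict, old_password: str, new_password: str) -> bool:
    """Re-wraps the unchanged vault key under a new KEK; the vault ciphertext
    and the recovery wrapping stay as they are."""
    vault_key = open_(derive_kek(old_password, record["salt"]), record["wrapped_by_password"])
    if vault_key is None:
        return False
    record["salt"] = os.urandom(16)
    record["wrapped_by_password"] = seal(derive_kek(new_password, record["salt"]), vault_key)
    return True

if __name__ == "__main__":
    rec, rk = create_account("correct horse battery staple", b"site: example.test / pw: hunter2")
    print(open_with_password(rec, "correct horse battery staple"))
    print(open_with_password(rec, "wrong password"))   # None
    print(open_with_recovery_key(rec, rk))
```

The point to take from the example: the only things the server holds are ciphertexts and a salt, so it cannot unwrap anything itself; recovery works because a second wrapping of the same vault key was created on the client at setup time, under a key that only the recovery device or code holds.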