Hello.
From the latest release notes: An extra layer of encryption in the form of a new encryption key generated for each individual vault item has been added.
But what is the benefit of using a cipher key? According to this article, the cipher key is encrypted with the user symmetric key. The cipher text and the cipher key are stored in the same table in the DB, so what is the difference (from a security PoV) between encrypting the text and encrypting the key that encrypts the text?
Individual item keys are more secure in some very rare scenarios, but more importantly, they enable implementing sharing of an item without having to re-encrypt the item and its attachments during the sharing process.
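As an added illustration that is not part of this thread or of Bitwarden's own code: the per-item-key layout described above, modelled in Go with AES-256-GCM. The item key is wrapped under the user's symmetric key and stored next to the ciphertext; sharing re-wraps only that small key under a second key (standing in for an organization key) and reuses the stored ciphertext byte-for-byte. The `Item` struct, the key names and AES-GCM as the wrapping cipher are assumptions of this example, not Bitwarden's actual scheme.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
)
// Item is what the server stores per vault entry: ciphertext plus the per-item key wrapped under a KEK.
type Item struct{ WrappedKey, Ciphertext []byte }
// must panics on faults that cannot be data errors here (bad key length, CSPRNG failure).
func must[T any](v T, err error) T { if err != nil { panic(err) }; return v }
// seal encrypts data with AES-256-GCM under key, prepending a fresh random nonce.
func seal(key, data []byte) []byte {
	gcm := must(cipher.NewGCM(must(aes.NewCipher(key))))
	nonce := make([]byte, gcm.NonceSize())
	must(rand.Read(nonce))
	return gcm.Seal(nonce, nonce, data, nil)
}
// unseal reverses seal; a wrong key or a tampered blob fails the GCM tag check.
func unseal(key, blob []byte) ([]byte, error) {
	gcm := must(cipher.NewGCM(must(aes.NewCipher(key))))
	if ns := gcm.NonceSize(); len(blob) >= ns {
		return gcm.Open(nil, blob[:ns], blob[ns:], nil)
	}
	return nil, errors.New("blob too short")
}
// EncryptItem draws a fresh 256-bit item key, encrypts data with it, and wraps that key under userKey.
func EncryptItem(userKey, data []byte) Item {
	itemKey := make([]byte, 32)
	must(rand.Read(itemKey))
	return Item{WrappedKey: seal(userKey, itemKey), Ciphertext: seal(itemKey, data)}
}
// ShareItem re-wraps the item key under dstKey (e.g. an organization key); the ciphertext is reused as-is.
func ShareItem(it Item, srcKey, dstKey []byte) (Item, error) {
	itemKey, err := unseal(srcKey, it.WrappedKey)
	if err != nil {
		return Item{}, err
	}
	return Item{WrappedKey: seal(dstKey, itemKey), Ciphertext: it.Ciphertext}, nil
}
// DecryptItem unwraps the item key with kek, then decrypts the ciphertext with it.
func DecryptItem(it Item, kek []byte) ([]byte, error) {
	itemKey, err := unseal(kek, it.WrappedKey)
	if err != nil {
		return nil, err
	}
	return unseal(itemKey, it.Ciphertext)
}
```

A party holding only the second key cannot unwrap the item key until `ShareItem` has run, and the original ciphertext (which would include any attachments in the real scheme) is never touched by the share operation.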
With this new design, will unlocking the vault still cause the entire vault to be decrypted in process memory, or is it now possible to dynamically decrypt only the subset of the vault that is being actively used?
This new design does not change the state around how decryption occurs, but Bitwarden is working on methods to decrypt selectively to improve security and performance in our SDK.
If you have time, I would be very interested in hearing more about new/planned abilities to decrypt selectively, and the corresponding implications for security.
Nothing to report right now, but keep an eye on the Android and iOS repositories to see progress in flight. And, as always, Bitwarden will update the security whitepaper to reflect changes to the security model.