An important feature of Bitwarden’s model is the security of your vault. From the help pages:
- Bitwarden does not store your passwords. Bitwarden stores encrypted versions of your passwords that only you can unlock. Your sensitive information is encrypted locally on your personal device before ever being sent to our cloud servers.
Nice. To be clear for casual readers and also to let others correct me if my understanding is wrong: all these encrypted passwords are contained in (I suppose) one blob, called the vault. This vault is encrypted with your master password.
So one could assume there is never a need to send my precious master password over the internet. After all, the vault is encrypted and decrypted locally before/after being transported to/from Bitwarden’s servers.
However, this does not seem to be the case. Currently, Bitwarden asks you for your master password to grant access to your web vault.
Why is that? And would this not be a marvelous attack vector? Assume Bitwarden’s servers are hacked. Then with your master password the rest of your vault is also compromised in just one step. (The risk can be minimized by not using the web vault. For example: I used it once to set up my account and get my license for 2FA, and for the rest I use a bunch of the clients.)
It could be that the master password is hashed locally and the hash is sent over the line. That would be better (and I would like to know if that is the case), but even then I do not understand the reason to use the master password for this purpose. Please help me out if there is!
Feature request:
Separate the master password from the login password to any Bitwarden service. There should be no need to use the master password to gain access to the web vault. Currently the master password is not truly local.
All this poses a question: in order to synchronize local copies of the vault, the clients must somehow authenticate with a Bitwarden web service and update the vault. How is this safely done? (Also) using (a hash of the) master password?
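An added, illustrative example of the pattern the post is asking about (not code from Bitwarden or from the original post): the client derives the vault-encryption key from the master password locally and sends only a separately derived, one-way authentication hash to the server, which stores a salted verifier of it. The KDF choice (PBKDF2-SHA256), the iteration counts and the use of the e-mail address as salt are assumptions made for this example.

```python
import hashlib
import hmac
import os

# Assumed parameters for illustration; not Bitwarden's actual code or settings.
KDF_ITERATIONS = 600_000     # client-side stretching of the master password
SERVER_ITERATIONS = 100_000  # extra server-side stretching of the received auth hash


def derive_master_key(master_password: str, email: str, iterations: int = KDF_ITERATIONS) -> bytes:
    """Derive the vault-encryption key on the device. This value is never transmitted."""
    return hashlib.pbkdf2_hmac("sha256", master_password.encode(), email.lower().encode(),
                               iterations, dklen=32)


def derive_auth_hash(master_key: bytes, master_password: str) -> bytes:
    """One-way login value derived *from* the master key. A server (or an attacker who
    dumps its database) cannot reverse it into the master key or the password."""
    return hashlib.pbkdf2_hmac("sha256", master_key, master_password.encode(), 1, dklen=32)


def client_login_material(master_password: str, email: str, iterations: int = KDF_ITERATIONS) -> tuple:
    """What the client computes locally: (vault key kept on device, auth hash sent to server)."""
    master_key = derive_master_key(master_password, email, iterations)
    return master_key, derive_auth_hash(master_key, master_password)


def server_enroll(auth_hash: bytes) -> dict:
    """The server stores only a salted, stretched verifier, never the auth hash itself."""
    salt = os.urandom(16)
    verifier = hashlib.pbkdf2_hmac("sha256", auth_hash, salt, SERVER_ITERATIONS, dklen=32)
    return {"salt": salt, "verifier": verifier}


def server_verify(record: dict, auth_hash: bytes) -> bool:
    """Constant-time check of a presented auth hash against the stored verifier."""
    candidate = hashlib.pbkdf2_hmac("sha256", auth_hash, record["salt"], SERVER_ITERATIONS, dklen=32)
    return hmac.compare_digest(candidate, record["verifier"])


if __name__ == "__main__":
    # Constructed sample credentials for a local demonstration.
    vault_key, auth = client_login_material("correct horse battery staple", "user@example.com")
    record = server_enroll(auth)
    print("vault key (local only):", vault_key.hex())
    print("auth hash (sent):      ", auth.hex())
    print("login accepted:", server_verify(record, auth))
```

Because the stored verifier is derived from a one-way function of the vault key, a breach of the server's user table yields neither the master password nor the key needed to decrypt the vault blob.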