Hacker News new | comments | ask | show | jobs | submit login
Bitwarden Completes Third-Party Security Audit (bitwarden.com)
298 points by drpfenderson 70 days ago | hide | past | web | favorite | 142 comments

We used LastPass for several years in our home, mostly because it was able to fill Firefox http basic auth dialogs. When Firefox switched to the webextension format, LastPass started using the Chrome version as the foundation for Firefox. This was a huge step backwards and my wife HATED it.

The biggest problem she had was that it was that the standard workflow of it capturing generated passwords became unreliable and it stopped automatically tracking the random passwords it generated. Whatever it was that she was doing, she kept losing passwords and getting locked out. It destroyed her trust.

We tried Bitwarden. It doesn't require the same leap of faith to use a random password. They're saved first before you use them. The usage flow isn't quite as smooth as LastPass was, but she hasn't lost any passwords since the switch.

She's almost forgiven me for making her use a password manager. Almost... :)

Yeah, I noticed the change in LastPass' behavior. It turns out that it actually DOES save the random passwords it generates... it's just very well hidden. If you generate a random password for a site, register your account, and LastPass does not catch it and doesn't prompt you to save the account info, it's not lost. If you open the 'Generate secure password' page by itself from the context menu extension, you'll get a new random password. BUT, if you click the down arrow to the right of it, it will drop down a list of the prior generated random passwords for at least that browser session.

Utter madness, but it saved me a couple times.

That is very good to know! I've resorted to copying the new password to a temporary text file and then deleting it after I can confirm it's saved, which is an idiotic workflow, so very glad there's an alternative.

They added that feature after I and probably other users complained about it stupidly losing set passwords after the UI revamp.


Very similar for me but with 1Password instead of LastPass.

My only complaint about Bitwarden is that the desktop app on macOS does not have support for Touch ID which is a shame. It has been a requested feature for a long time but no progress seems to have been made.

The desktop Bitwarden app is Electron based so I don't know if that is an issue or not.

Overall for £10/year for Premium or legitimately free if you don't need the Premium features you are a fool to not use it imho.

Switched to Lastpass half a year ago and it's been a rocky move (I didn't have a password manager before). It's consistently been painful to use. For example, my work email transfers between different domains for log in versus viewing and I think even a third. Lastpass never manages to suggest the password at the right time because of this and I always forget where to find it. The mobile app routinely makes me type my long passphrase in twice in a row which is painful because it's easy to typo it. I also don't trust it saving randomized passwords it generates so I always have to copy them to clipboard and confirm that the account was added properly. I have had problems where data did not sync; I could see it in Mobile but not desktop or vice versa. It had been in my account for weeks at that point. Maybe I should try bitwarden.

LastPass has gone downhill since the acquisition. It's horrible compared to what it was before.

I moved from Lastpass to 1Password recently. Neither fill basic auth dialogs, and both companies state this is a feature not a bug. It still pisses me off.

I read a while back that browser-based password management with autofill is a big security risk. I can't remember the details, but the article author cited some actual exploits that have affected browser-based password managers.

I was considering switching to KeepassXC in response but didn't get around to it.

I use the desktop app. With a global hotkey it's easy to paste passwords into SSH logins, secrets into vi, etc. With the added benefit of not having to rely on Chrome to isolate your entire password archive from the internet.

This is partially because browsers don't have decent API to handle basic auth. Bitwarden will log you in via basic auth if you only have 1 matching entry for the URL but surely things can be better than this...

In the age of open source browsers that's only an excuse if they're being blocked from contributing an API.

Are you suggesting password manager devs start sending patches to browsers? Getting used to all browser API isn't exactly easy to begin with, let alone there aren't many who has enough motivation to wait for that implementation to become wide spread for it to finally solve a problem that is only used by a few.

Also: it has a 50% (and decreasing) success rate at actually filling in passwords and no quick menu to copy/paste them.

Lastpass has been on my "replace at next opportunity" list for a while now. No time like the present.

I slowly migrated into LastPass from 1Password but could never be convinced to just give up on 1Password. I've heard many say 1Password is inferior for a variety of reasons, but it also works, which is important. And my wife uses it, which adds value. And then LastPass just started fading. To the point I really only keep it around to recover passwords that I didn't put in 1Password for some reason.

Last Pass still saves generated passwords, it's just become a hidden feature for some reason...

Each generated password is visible in the triangle drop-down to the right of the generated password. This list resets on restarts

>When Firefox switched to the webextension format, LastPass started using the Chrome version as the foundation for Firefox.

The backward change started after logmein bought lastpass.

Yes, I use KeePass and Kee for Firefox. Before WebExtensions it was perfect. Now, it has a dialog that tries to intercept basic/negotiate auth, but it never works.

Luckily, keepass has a very nice auto-type functionality that works perfectly with basic auth dialogs. Now if I could just disable the Kee dialog that doesn't actually do anything...

Is your "Always show global auto-type entry selection dialog" option checked in the Options \ Advanced \ Auto-Type section? Mine is unchecked, and for sites / applications that only have one entry, it just enters it without showing a dialog...

Ahh that explains it. I've definitely sen a deterioration in performance by the last pass extension.

FYI: There is also a full history of generated passwords available in each Bitwarden client app. So if you manage to lose one during the onboarding process, it should still be available in the history log.

This is true of Lastpass, too. Just click the down arrow next to the generate pw field.

I didn't realize that. That is very useful to know. Thanks!

Ironically, this describes the exact problem I've been running into with Bitwarden on Safari.

Still less buggy than Lastpass's Safari extension though...

>On a less positive note, the assessment of the deployed cryptographic design led to the discovery of certain issues that must be addressed in due course. One was rated “Critical” because a malicious vault could obtain and modify organization items. This approach relied on MitM attack described in BWN-01-008. The overall code quality of the crypto implementations was deemed to be overly complex and frequently misleading, which led to reporting a false positive issue (see BWN-01-011). More generally, cryptographic libraries of the Bitwarden compound have not yet been optimized. They particularly need to be simplified as unnecessary complexity can lead to problems.

>To reiterate, the results of this autumn 2018 assessment are positive for the client and code. Sadly, the same thing cannot be stated for the current cryptographic scheme in use. Given the number and range of issues discovered, it seems necessary that a re-design takes place. This needs to reassess how certain features are implemented and ensure that the overall cryptography stands strong against the attackers’ efforts.

Um. Is this not worrying to people?

@Aquakor I am the lead developer of Bitwarden and was intimately involved in the security audit mentioned. I can understand that those two paragraphs may seem a bit concerning out of context. To provide more context, there were several points discussed between the Bitwarden developers and the auditing team about how we could redesign specific features (ex. organization user confirmations) so that the crypto implementations would be stronger and more resilient against certain attack vectors. A consensus was reached and that is what is being referenced here about re-designing things.

The purpose of an audit like this is to find issues. When issues are found, that is a good thing. We want to find problems so that they can be fixed. What would be bad is if we found issues that could not be properly fixed, or an abnormally large number of issues, neither of which was the case with Bitwarden. What I can tell you is that all issues referenced in this audit have already been resolved in very short order (the audit was only completed just last week), with relatively simple fixes, and that Bitwarden is even safer to use today than it was before.

Can anyone knowledgeable comment on this. Right now I'm using enpass and trying to wonder if BitWarden would be better. Enpass has some issues when if sync fails it doesn't really report that (for me at least). I also have had some issues when I'm in a trusted machine (at work) but not my own when having a web-vault access might be good.

On the other hand I do love the no cloud mode of enpass which potentially of makes it slightly more secure (a cloud for password storage would be a juicy target). It also means I have a local backup of all my password in my devices in case of some issue including bitwarden web vault being down.

yeah, that seems like the sort of thing you would never want to hear from an audit. the only thing worse would be known breaches.

Is it good to release this audit so soon? Wouldn't it have been better to release it in 1-3 months after they fixed the issues so that they don't alert attackers that there's an opportunity? Actually curious what the best practice is and why it is so.

There's a Rust implementation of the BitWarden server which is compatible with the open source clients, that you can run really easily in Docker:


Im running it via Dokku and it has been rock solid. It's way lighter than running their reference server implementation.

Yup, the Rust version is what I include with in HomelabOS (https://gitlab.com/NickBusey/HomelabOS).

It's been fantastic, really solid and generally pretty fast. Far, far easier than trying to get the standard Bitwarden stack going. That said, the standard stack is meant to support many users, where I have only tested the Rust implementation with a handful of users.

For reference, the official implementation uses MSSQL, and it's asking for 2GB memory instances, so I can see people liking alternatives.


And there are also other third party implementations too,

Go : https://github.com/VictorNine/bitwarden-go

Ruby : https://github.com/jcs/rubywarden

Personally, I don't recommend anyone without much knowledge in security to use "personal servers" to reduce threats. Even if it's in a private network, a server/container/whatever without recent security patches/proper configuration is no way more secure than well-managed public ones.

Six months or so ago, I switched from KeePassX with manual file synchronisation, to using bitwarden_rs on my own server, which runs Arch Linux, via a package on AUR. I haven’t had any trouble with it so far. The current version has been running for almost a month, and its resident memory is currently just over 11MB, viz. low and stable. That’s also roughly the size of the package and its data on disk.

I do also have the optional web interface, which isn’t Rust; it uses inordinately much memory while building (https://github.com/bitwarden/web/issues/250) but is fine after that.

I look forward to testing it.

I was using the ruby version, but I didn't know a rust one existed as well.


Since Bitwarden added sub-domain support and fixed the speed-issues on large key-bases, I absolutely cannot live without Bitwarden it's been absolutely flawless.

Previously used Lastpass for 8 years.

So glad to see that it's security taken seriously by the developers!

>Previously used Lastpass for 8 years.

As a longtime Lastpass user, this is the comment that made me go check it out. Are there any big pros or cons you have run in to compared to Lastpass (aside from the ones you listed)? I'm asking about actual functionality, not about the it being open source and such.

I used LastPass for roughly a year before making the switch. I also switched from Chrome to Firefox at the same time, on Windows and Android. Desktop - no issues!

Android is evolving, and their changes seem to have put Firefox in a slightly behind position, which I think they're almost caught up on. Basically, there's legacy and modern autofill capabilities in Android, and Firefox is working on closing the gap. In the production release, I am unable to use the BitWarden android app, but there's an add-on that mostly does the job.

I have two issues with the add-on. First, it tends to disappear from the menu. There have been some bugs on BugZilla for this, including one I recently submitted. Of course, quite fortunately, I haven't been able to reproduce the issue since I submitted the bug and installed Nightly. And it's interesting - Nightly seems to work with the app, so the need for the add-on should go away. Second, the add-on is a little clunky. It opens a temporary tab, and then closes that tab when you select your login. However, there's an issue there, too, where sometimes it just does not work. It throws up an error message that it's unable to autofill, and there's little you can do about it except close the temporary tab and the original tab, and start again.

The Android app also has an issue that I've seen with Chrome, where it isn't actually detecting the site you're browsing, but just the app you're using (Chrome) and thus is unable to select your login. This is easy to get around - usually going back to Chrome and then tapping the BitWarden toast will find you your login.

Overall little nuisances that are mostly Android related issues more than anything, and each of them seems to be getting worked out, so I expect the user experience to only get better.

In Firefox, you can also open Bitwarden in a sidebar (which doesn't disappear thankfully).

Firefox for Android?

That's where my issues are. How do you open the sidebar?

Can you ? How? I don't see any option.

I've been a paying LastPass user for over 8 years. I switched to Bitwarden a few months ago. It's so much nicer to use than LP.

LP's extensions and mobile app have gotten slow and clunky. Bitwarden's software is fast. Unlocking LP in Firefox would take me 10+ sec. Bitwarden takes about a second.

The only downside I've found so far is that Bitwarden doesn't have an inactivity logout, only timeout. This makes me log in more frequently than I'd prefer.

Here's my end user take on it. I have moved from LastPass after almost 10 years and going to stick to it for two main reasons:

1. It's cleaner and doesn't feel bloated

2. It's open source.

However I wish:

3. They would have some consistency between mobile (iOS) and extension (Safari) UI (because imho extension actually looks like a mobile UI, I find iOS UI less useable)

4. They would do away with load time that I often notice when I open extension even though data is stored locally.

5. It doesn't maintain state or save info when I leave the extension popped up and then move away and come back to it. Also, It also doesn't save auto generated passwords with the "url" it was generated on which often renders password history useless.

6. For everything I have to reach all the way to the browser bar extension button and I don't get any option in the text field itself which was pretty good in LastPass.

I wanted to move to KeePass and while it has an excellent app for desktop (native MacPass is fantastic!), but I could hardly find anything even close to useable for Safari or iOS.

Thanks for the info.

I tested out Bitwarden after I posted this question yesterday. Regarding #6, that did bother me as well. I wanted to let you know there's a fix for that (at least in Chrome there is, I don't know about Safari).

Settings > Options > Enable Auto-fill On Page Load - that will automatically fill out the login forms like LastPass does by default. But I do wish they had the option to disable this on a per-secret password like LP does.

Also right clicking on the page will give you a Bitwarden context menu which provides an auto-fill option (Right Click > Bitwarden > Auto-fill > Pick the secret). This is actually more steps than clicking the extension button at the top (Click extension button > click secret), but at least you don't have to move all the way to the top of the page.

Again, this is in Chrome.

i also used lastpass for 7 or 8 years, premium even. the chugging speed was turning me off, so i gave BW a whirl. i switched a few months ago now and have zero regrets or issues. it's basically interchangeable as far as features i use, except it's faster. even better, it's open source, the ios app is free, and now it's audited. i'm very happy with it.

How is the form fill for information besides username and password (e.g. credit cards, personal contact info) compared to LastPass?

I only use it for autofilling my CC and it works fine. A couple of sites don't play well with setting the expiry month via dropdown menus but otherwise it is solid.

I used Lastpass for about 5 years and moved to bitwarden a couple of years back. I never had to turn back again. The browser addons are great, but the mobile app is fantastic, simple, usable and lightweight. It's great to hear that it's pretty secure too.

From your experiences is there any downside or drawbacks with switching? I've been considering it, particularly as Lastpass's Firefox app has been flakey and unreliable.

In general Lastpass has become less reliable since the LogMeIn take-over, and they've now added ads to the vault which bug me from a security perspective (even if I happily pay $2/month, it is the principle of putting profits over security).

I'm a former last pass user as well. I made the switch about a year ago, and haven't really looked back.

That being said, there are a few things that annoy me about bitwarden.

For some sites or apps in iOS, you can launch a password manager to retrieve your credentials. This sometimes but does not always have bitwarden available.

Sometimes when launching bitwarden from an app, it will only show you the logins associated with the URI for your current page. But if you're launching it from an app you can't search for the right login.

These are small issues, which I usually mitigate by just launching a full on session of the app and copying the password.

I had to break a habit (I guess I picked it up from last pass) with the extensions as well. If you click away from the extension box, it will lose your context, and you can't restore it. I have had to restart filling out the credentials more than once because I didn't click save. Also, I think it takes too many clicks to create a new login with a generated password and save it.

Overall, these issues are minor for a good free product, and I would recommend it. I use bitwarden on FF, Chrome, and iOS, for context.

> I think it takes too many clicks to create a new login

As a very happy BW user, this is probably its weakest point at the moment. It improves a bit if you click the "do you want Bitwarden to save these credentials" banner, but still suboptimal (the captured URL is unnecessarily precise).

I don't think they can solve this problem though, unless they get a sidebar - which may not be possible with WebExtensions (I honestly can't recall).

> Sometimes when launching bitwarden from an app, it will only show you the logins associated with the URI for your current page. But if you're launching it from an app you can't search for the right login.

This changed with the recent release of iOS 12 autofill in Bitwarden. If there is no credential found based on the app/website address you have the ability to search the vault for it.

Another LastPass user of ~5 years. I was actually dreading the switch, just because of the amount of time I had spent using it (mostly always Premium). That and I have a workflow within the family for sharing, etc.

I planned on a week long switch over to make sure things went smooth. However after switching, and validating all common accounts has been imported correctly I just never had to open LastPass again. This took all of 2 hours.

BitWarden has the upper hand in three key areas for me: Android, FireFox and CLI. The LastPass extension for FireFox has become downright useless and that was the main catalyst for me switching.

I've switched now about a month ago and can't imagine going back. It just works like you'd expect in most situations. I'm fighting it less than LastPass and my store of passwords is all cleaned up and far more sanitary. LastPass lets you make a mess far easier, so a nice side effect of BitWarden is that the structure is more prescriptive but I've been yet to bump into an area where it's blocked me from doing what I need.

Highly recommend BitWarden if you're fed up with LastPass and FireFox.

I know this is highly specific, but it's something I've struggled to find a good answer for.

Do you use Android 8+ with Firefox release and the BitWarden app?

I'm on Android 8.1, Firefox Release, and I haven't been able to get the BitWarden to pop up toast notifications and autofill in Firefox. (This does seem to work with Nightly, but that has crashed too often for me to use it regularly.)

Was there an import/export process you used to transfer your existing safe?

I don't have ads in my vault. Are you a premium user?

Great browser addon? The one I'm using (the official one) could definitely use some improvements in UX and security

- when I open it my master password is prefilled and you can just unmask it - either don't prefill it and have me enter it or log me in immediately

- when creating new credentials it defaults to master password again that you can just unmask. And the URL is empty instead of the current URL

- everytime: I open a site in bitwarden, copy the username, paste in the form field in browser, open bitwarden and it's on the login page again - why can't it remember where I left of so that I could copy the password too?

EDIT: in Firefox

Regarding your first two points, this is a long shot but maybe it will help: I had a very similar problem with LastPass where password fields in the LastPass UI kept being pre-filled with my master password, even in places where there seemingly should never be pre-filled. It turned out that I had accidentally enabled my web browser's autofill/password manager functionality, and every time I visited the LastPass extension's internal URL, my browser was autofilling every password field with the password that my browser saved.

Once I turned off the password manager feature of my browser (I didn't need it anyway since I was using LastPass) it solved the problem.

Hah that did it. I'm sorry for criticizing BitWarden when it was my own fault

Master password is never prefilled on mine. Not to log in to it or to create new credentials. I can't even see that as an option.

You don't happen to have that password set up in your browsers own password management tool do you?

Url for new credentials is always the current one as well.

Currently using Bitwarden right now. Really good to see that the security assessment is relatively positive:

> All in all, while the client and backend code are vulnerable to some issues, all of the problems can be easily fixed without a lot of effort. In that sense, Cure53 believes these items of the Bitwarden scope to be fully capable of reaching the desired standards of security in a rather short time. To reiterate, the results of this autumn 2018 assessment are positive for the client and code.

Wondering how they will address the current cryptographic scheme though.

> Wondering how they will address the current cryptographic scheme though.

The only cryptographic weakness Cure53 identified was that a malicious API server could exfiltrate encryption keys.

Cure53 deemed it a hard problem to solve. I wrote a proposed strategy for mitigating it: https://github.com/bitwarden/core/issues/392

Regarding Bitwarden's cryptographic security, a cursory read through their code yields the following:

* It's using RSA-OAEP to encrypt AES keys (EDIT: formerly "some data") https://github.com/bitwarden/jslib/blob/b4fad203b94da53d3369...

* It's using AES-256-CBC https://github.com/bitwarden/jslib/blob/b4fad203b94da53d3369... + https://github.com/bitwarden/jslib/blob/b4fad203b94da53d3369... + https://github.com/bitwarden/jslib/blob/2045e7047a66599b2c8a...

It doesn't appear to be authenticating the AES-CBC-encrypted ciphertexts in all cases, which makes me suspect padding oracles are still in-scope.


RSA-OAEP is the better RSA mode. (You don't want PKCS1v1.5)

In closing: As long as you're not for some reason storing unauthenticated AES-CBC ciphertexts in the server, the encryption is really boring.

(Boring is good for encryption.)

All AES-CBC data is authenticated with HMAC SHA-256. This was highlighted in the BWN-01-011 issue (which was determined to be a false positive since it was deemed that authentication was properly done).

I haven't traced through the app's code to verify that is true.

Recommendation: If there is no HMAC tag with a ciphertext, immediately throw an exception. It makes it clearer that a decryption failure occurred (thus avoiding false positives).

It does do this [1], however, it is a little more complex since Bitwarden has to backwards-compat support old data that was AES-CBC encrypted from long ago before auth checks were implemented, while also combating against downgrade attacks. This same discussion was had back in January when you (I assume this is PIE Scott) reported the problem in issue 306171 on HackerOne which was closed out.

[1]: https://github.com/bitwarden/jslib/blob/master/src/services/...

Oh, this did seem familiar!

The AES-CBC thing is tied to the key, right? So the downgrade attack isn't possible.

Yes, new account keys are identified (presence of a mac key) and block the downgrade (see code link above).

Last I heard on RSA-OAEP vs RSA-PKCS is that, since RSA-PKCS got a 'security proof' it is actually favored. Reason being that it gives similar guarantees but is easier to compute.

I don't know the details of the security proof for RSA-PKCS though, just that there is one.

You're thinking signatures, not encryption.


"to encrypt some data" ?

Actually data? You'd usually expect RSA to be protecting a symmetric key in this sort of setup - is that what the data is, or something else?

Yes, it's using RSA to encrypt a key, as one would hope. https://github.com/bitwarden/jslib/blob/b4fad203b94da53d3369...

Usually when I see RSA-OAEP in a casual stroll through something's code, I stop there and move onto looking for other issues.

Reason: Very few users of RSA encryption bother to use a secure padding mode. If they're doing that much, the chances of doing something very stupid (a.k.a. "RSA-ECB") is low enough to discount for the purposes of message board discussions.

(Obviously, if I'm being paid to review something, I spend a lot more time on it.)

When I wrote my post above, all I cared about was the modes being used. That's why I vaguely said "some data".

A further analysis (i.e. where rsaEncrypt() is invoked) yields: They're only using RSA for encrypting AES keys, which is a sane design.

Hopefully my lazy word choice didn't cause you (or anyone else) any undue alarm.

When you said 'data' I assumed you meant a hybrid RSA-AES scheme - of course keys are technically 'data', but when talking about data in the context of cryptography, it usually means 'data that isn't a key' :)

You clearly deal with more competent people than me. Literally the last piece of code I read that specified RSA OAEP was trying to shove user session data into it.

Thanks for replying to put my mind at ease on this.

I have been using Keepass2, then KeepassXC for 5 years, with Dropbox to sync the db between my devices.

Since Dropbox recently stopped to support ecryptfs, I started looking for alternatives (KeepassXC + Google Drive/SpiderOak, Lastpass were some candidates).

Looks like Bitwarden is worth testing too :-)

I use keepass and syncthing for the passt 4 years. This is peer to peer syncing which means at least two of the devices have to be on. I solved that by having a raspi always on which distributes the newest file if I don’t have laptop or phone connected at the same time

I've used Keepass since 2012 (Keepass2 on Linux, KeepassXC on Mac, Keepass2Android) synced with Dropbox but (experimentally) switched to Bitwarden this summer as a reaction to some HN thread, I've been very pleased! Haven't used it on Linux yet but am using the Chrome extension on Mac and the native Android & iOS apps and they work very well.

I've also been using Lastpass at work since 2015 so have experience of those three and if I had to start over and pick one it would definitely be Bitwarden. Highly recommended!

I use Keepass2, with my password database stored on a cloud server, accessible by SFTP - both the Windows client (with an extension) and Keepass2android support SFTP. Keepass2android syncs automatically when you start it, and it's just 2 clicks from the Windows client.

I've been using this setup for years, and it works well for me. Now I think about it, the only minor pain point is not syncing over some kind of HTTPS mechanism (for getting through corporate proxies).

Same here. It's the only thing that looked close enough like an open and secure platform, very much unlike LastPass and 1Password, which I can't believe so many tech-savvy people keep trusting.

KeePass would be perfect if I had an easy platform to share the file on. A VPS isn't reliable enough for me, and Dropbox 's proprietary Linux client did suspicious stuff.

At the time of writing the link to actual report in the blog post does not work. Here is the correct link: https://cdn.bitwarden.com/misc/Bitwarden%20Security%20Assess...

I don't like their response to BWN-01-010 (not rotating the encryption key and re-encrypting the database on master password change).

Their justification boils down to "either the attacker has full access to a compromised devices, or they don't." Meaning they could re-steal your master password AND encrypted database, or neither.

I don't believe that is true. Let me give an example where their justification breaks down:

Your master password is stolen, the attacker break into your DropBox account and associate it with the attacker's device, DropBox is inadvertently sharing your Bitwarden database.

You discover the break-in, change your Bitwarden master password, change your DropBox password, but forget to un-trust existing devices from DropBox. So now the attacker continues to receive your Bitwarden encrypted database via DropBox.

But good news, you think... You've changed your master password! But nope, the actual encryption key wasn't rotated, and the attacker continues to have access to everything. You're rotating passwords on all of your compromised services, only to provide the attacker with the new passwords, opps!

Their whole justification is: "But how would they get the new database?" And frankly numerous ways. Plus their workaround is pretty embarrassing:

> If a user has a pressing need to rotate their account’s encryption keys it can be achieved today through a manual process of exporting all vault data, re-creating the Bitwarden user account (delete and register again), and then reimporting the vault data back in.

Wow really? And this makes them look really bad:

> Rotating an encryption key would require that a Bitwarden client application re-encrypt the user’s entire vault (including binary file attachments). This operation is both expensive and error prone and would pose a high risk for users to end up with corrupted vault data.

So you've written such great software that it cannot reliably decrypt and encrypt without potentially corrupting the database? Awesome.

Maybe bring that issue to Bitwarden's attention on GitHub or other channels, and not just a comment here on HN?

Cure53 just brought it to their attention, that's what this thread is about.

I'm simply questioning their justification/excuses for not fixing an issue Cure53 quite correctly flagged. Me opening an issue on Github that mirrors one from Cure53's audit report wouldn't be constructive.

The report doesn't close the issue. It just provides an explanation for the current state of the issue (along with a current workaround) and details the impact of how it affects users.

Bitwarden is the password manager that got my to finally start using a password manager with it's combination of full open source and good UI. I love that they are this security focused as well.

I just want to mention how insanely insecure browsers' native password managers are. It asks you password only on export but never to fill on sites and you can see which sites are saved with no authentication, you just need access to the machine physically to access them all. Why do browsers never implement something as easy as lock the vault with OS account pass after a certain period after unlocking like any password managers do?

> Why do browsers never implement something as easy as lock the vault with OS account pass after a certain period after unlocking like any password managers do?

You must lock your workstation, it's not enough to just lock the password manager. If you leave your workstation unlocked then an attacker could install a keylogger that captures the password to unlock your password manager.

Convenience >> security for most people, unfortunately.

What's wrong with opt-in locking? Current security is a joke. Physical access and you're owned.

5-6 vulnerabilities identified but ‘no action at this time’ identified as only resolution for all of them. Worrying or is this common practice?

The audit was literally completed last week. Immediately pressing vulnerabilities were patched and shipped while plans were established for other long term fixes for the others. This report just provides disclosure of the issues.

Very worrying to me.

Would it be possible to know, ballpark, how much a similar security assessment can cost? I understand it's hard to say in general, but given this output I assume it's possible to "get a quote".

In an ideal world, all security-related OS project should have periodic scans like this, but clearly the cost may be prohibitive. Maybe there are ways to get funds, or to form groups of projects that get analyzed together, for example I'm thinking that while Cure53 is analyzing Bitwarden, they could do a similar work for other password managers that buy in.

Independently, a big thank you to Bitwarden for sharing this, knowing which were their vulnerabilities will help a lot everyone in the space. I'm personally very sensitive to these problems, I'm working on open source security products too.

It varies widely, but a code review I was party to came in at around 60k.

isn't there still a lot more hardening things to do, like moving payment out from vault.bitwarden.com, so that this domain can have a stronger CSP policy?

In other news: my todo list now features an item to migrate lastpass -> bitwarden.

(I really love the effort here)

I mostly don't regret switching from LastPass to BitWarden. Migration of logins was pretty painless. My only issue is with Android/Firefox. (Desktop Firefox + BitWarden is excellent!) The current Firefox doesn't play well with the Android BitWarden app, so you have to use the Add-on. (At least, this has been my experience.) I've also frequently encountered an issue where the menu item in Firefox for BitWarden vanishes and I have to toggle the add-on to re-add it. Over the past four days, I haven't had the issue, so I'm hoping that it's resolved for good. I believe these issues will be resolved, and they are largely not the fault of the BitWarden team; more like the Android platform and the Firefox team getting caught up with the latest best practices. (I believe Firefox Nightly actually plays well with the app, and should not require the clunkier add-on.)

My only problem was ampersands. LastPass encoded them as & and I wasn't aware of this at first. After receiving errors for some passwords, I found out that was the problem. I had to find and replace all. Bitwarden was aware of this though, they have a warning for this on their migration guide.

The migration process is very painless [0]; it will take longer to switch your installed extensions on all your devices than to migrate your vault.

[0]: https://help.bitwarden.com/article/import-from-lastpass/

I've never used a password manager, I memorize them - dozens of them. And almost all of them are uniqe and "strong" passwords. Now I have a feeling that this situation is a real burden for my mind/brain and I consider using one; just trying to convince* myself. Up until this time, I was thinking that "it's a good mental exercise!", not any more. Maybe the reason is now I have too many things to ponder upon.

I'd like to hear (well, read) if any of you have ever been in the same situation and how was the transition like? :-)

*it's a little complicated...for me

Memorizing your passwords seems impossible to me. The passwords I've put in my new password vault over the last year probably number in the mid 3 digits, and I don't really think I have THAT big an online footprint. So either: You share passwords among sites (which I never do) or you have a WAY better memory than I do. Or, I guess, you just use the password reset a lot?

Here are some things that make it really hard to remember all the passwords I need to:

- One bank requires me to change my password every month that I login. Don't even get me started.

- Many sites require 3-5 "security questions", which I consider to be effectively passwords and generate/manage them as such.

- Different sites have different allowed formulas of what they require for passwords

Memorizing passwords seems like a recipe for reuse of the same passwords on multiple sites, which is terrible.

I can't say I was quite as good about unique and strong passwords, but up until maybe a year ago, I just memorized all of my passwords. I had a few that I re-used a bit, especially for non-critical web sites.

Finally, I started out with LastPass. (Now I use BitWarden but the experience should be very similar.) What I knew I needed was something to work with my desktop browser, and something to work on my phone with any apps with logins, and with my mobile browser. A year ago, LastPass worked great with desktop and mobile Chrome, and Android. (BitWarden is a little trickier to integrate with mobile Firefox, as I outlined elsewhere in this thread, but it's constantly improving.)

So, you set up your new account, you choose a really amazing, unique, strong password like the world has never seen, and that's the only one you need to know. But there is that transition.

Install the password manager app and add-on(s) as needed on each place. Each will want to know your login and super amazing password, so you'll get to exercise your memory.

You probably want to go to each site and app that you infrequently use, log on in, add it to your password manager - or just do so directly, but you want to make sure the URLs and app references are correct - and move on to your everyday activities. (You can revisit later if you want to update it to something randomly generated.) Then go about your daily business, and if you get to apps and web sites you haven't added to your manager, no big deal - just let the manager remember it.

It's all really simple. Now, if you really want to do your due diligence, go back and update the password, especially for mission critical accounts, so that only your password manager knows the password, and it's as strong as possible.

Bitwarden has a clean interface and I like it except when you think about it, keeping your entire vault of passwords online also means, 1 single leak of your master login ID / password (which can even be something easier to remember for the sake of not forgetting, which defeats the purpose of the entire existence of it) can put an end to your online self and I stopped using anything online and having 2FA just feels the convenience has flew out the window just to login to some site and offline password managers can just work fine without that massive flaw.

The same massive flaw exists with your offline password manager. The gambit of this argument is that you (or more generally the public) are more capable of properly securing and storing secrets, instead of a company of experts hired to create, configure, update and audit a service to do so.

That's a call each person can make for themselves, but if I'm advising the normals on how to handle it, there's little doubt which direction I'm pointing.

I'm not talking about the security of the machine that holds the data. I'm saying any online password managers (without 2fa) can be unlocked with a single login, where offline password managers don't have such a severe problem.

2FA is only required for logins on new / unrecognized devices. If someone else had my master password, they still could not login.

I am only required to enter my 2FA on the installation of each client, so there is no really loss of convenience.

I use and like Bitwarden but their iOS app feels a bit slow especially when I need to search the Vault. After tapping the search icon it takes somewhere around five seconds (sometimes even longer) of loading time until I can enter my query. Has anyone else experienced this or is it just me?

I just want to pop in and say that I am planning on moving from lastpass to bitwarden. I have significant problems with the lastpass android app, the biggest being my CORRECT password being rejected; also the app is just really buggy in general. I hope bitwarden is an improvement.

has anyone here used Enpass? I use it and like it very much, because the UX is decent, and there is no "cloud" component whatsoever - it simply has a local DB which can be synced using Google Drive or Dropbox across all my devices. However, I am a concerned with their lack of a 3rd-party audit. So I've been eyeing BitWarden for that reason, but the need to run a server turns me off (especially since I'm not clear how that helps me sync the mobile clients). Those who host their own BitWarden instance: how do you approach the problems of backup and mobile sync?

I use Enpass and I like it, though I don't love it. I have a few pain points that make me consider looking elsewhere.

I like: No recurring price just buy once per platform and off you go, no hosted component it just uses my Google drive, ability to add additional items to the things it tracks like the places that insist on 5 "security questions", Android app with fingerprint is nice.

Things I don't like about Enpass:

- No ability to have multiple databases. I would really like to have the ability to have a database shared with my spouse, and one shared with my work.

- I never was able to get the Chrome integration to work on ChromeOS and that is my primary personal OS these days.

Generally it works well, but I'd love to get my wife using one, would like to have one I can share with my wife, and would like to replace our ancient work password vault that is Windows-only.

I use Enpass exclusively. Having switched from Lastpass a couple years ago. I neglected to pay the premium, and was unable to access some really needed data in the middle of a situation, but couldn't because the premium expired. After that situation, I said fuck you to paid services. While I get the benefits of them, it's not useful if you run into a situation like this where you are locked out of your own data for failure to pay on time.

Enpass was worth the cost for mobile access. But that's all I had to pay. I can now use it on every Win/Lin/Mac/Phone system available to me. Sync seamlessly in the background with my preferred cloud provider, which also requires 2FA to access. So I feel reasonably secure.

I use Safari on macOS and iOS. with its native password manager.Am I exposing myself to higher risks than by using a standalone password management app?

They’re probably ok, but you’re locking yourself in/out should you ever want/need to use a non-Apple device.

Love Bitwarden!

What are the pro/cons vs 1password?

1Password: OSX/Windows

Bitwarden: OSX/Windows/Linux

I wonder if this will nudge 1password to release a Linux client?

Is that a browser client that connects to a centralized vault or a local client?

Open source, free sync?

You can do "free" sync to Dropbox or a folder, which you can mount with SSH-FS.

"Free", as in no additional cost.

Which one are you talking about?

I think he's talking about 1password. You can sync to dropbox or any folder (that can be controlled by dropbox/spideroak/sshfs/nfs/whatever)

It's a mature product that hasn't had any major security issues. When I checked a few years ago, no other product ticked both boxes. Nowadays there might be another such product, but I'm not going to switch to find out at this point.

Which one are you talking about? 1Password?

Oops, yes, sorry.

When I last tried it, it didn't support generating passwords with English words ie. A 4 work Random password: hack-flipper-jump-london.

Edit: looks like it does support this now.

Not sure I understand you correctly, but Bitwarden can do this (it's the 'passphrase' option).

They recently added that:

"Oct 9 - This is in the next release for various apps." [1] the PR is from Oct 6 [2].

It is a very basic implementation as of now. The wordlist is English-only, and it doesn't have a minimum character account so it contains 'words' such as 'aa' and 'aaa'.

[1] https://community.bitwarden.com/t/add-an-ability-to-generate...

[2] https://github.com/bitwarden/jslib/pull/12

> it doesn't have a minimum character account so it contains 'words' such as 'aa' and 'aaa'.

The PR discusses how the original word list that was referenced was changed out to the better long word list from https://www.eff.org/dice .

Great, thank you. Some more choices in that regard would be great (such as a native language wordlist) but I very much appreciate you added this basic functionality. Even in its current form it is an improvement over nothing or manually doing this (am a satisfied Premium subscriber).

>When I last tried it

Must have been a while back. I've used it for years and it has been able to generate word passwords since day one.

I'm interested in this as well. I semi-recently paid for a year of 1password family so I'm reluctant to switch so soon.

With such a security sensitive project, I can barely find any information on what 8bit solutions is about.

It's one guy (currently) Kyle.

Has anyone ever migrated away from Keychain Access to an OS-independent password protection program?

Can I get a quick vote on keepass2 vs bitwarden, and a feature comparison?

The fact that I can't easily use a Yubikey for 2FA with KeePass has always made it a nonstarter for me. After experiencing the comfort and peace of mind I get with "master password PLUS Yubikey" in Bitwarden and LastPass, I could never go back to just having a master password that could be keylogged.

Yes, you can have a static "keyfile" on a USB stick that you use for 2FA, but that could be easily copied. "But if they have physical access it's already game over!" The scenario I am concerned about is unlocking my master database on a computer I don't own, like at work. I can do that with Bitwarden.

Doesn't KeepassXC support 2FA?

Bitwarden is closer to a LastPass competitor in the sense that it combines the encrypted database management with cloud storage, so that you can trivially share the database across devices.

Keepass is only the encrypted database management component. If you want to share that database across multiple devices you have to combine it with a cloud storage service (DropBox, Google Drive, OneDrive, iCloud, etc).

The major advantage of Keepass is that hypothetically it could be a completely off-line system, you could manually copy the database via e.g. USB Stick to every device if you so wished.

You don't strictly need a cloud storage service to keep multiple devices synchronized with Keepass, there are also options such as Syncthing or rsync.

Keepass2 does not perform any syncing between devices (as far as I know), it's "just" a password safe that stores data in an XML file.

Personally I sync my Keepass files using a secure file sync app (not Dropbox), which is sufficient for me. I don't log into account on my phone so I don't need the passwords there, I guess it can be a reason for people to use Bitwarden.

Syncing Keepass2 via Nextcloud on my phone works very well.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact