> However, users probably have the reasonable expectation that if their laptop is stolen, their device-local vault data(supposedly encrypted on disk) is not compromised as a result.
If you’re using a four-number pin to encrypt your data with no additional “padding” around that PIN, that is not a reasonable expectation.
However, I also don’t think that it’s reasonable that Bitwarden allows weak passphrases to begin with.
If you’re using a four-number pin to encrypt your data with no additional “padding” around that PIN, that is not a reasonable expectation.
However, I also don’t think that it’s reasonable that Bitwarden allows weak passphrases to begin with.