
The cloud vault will be protected by the ridiculously long master password (just like the 1P vault is protected by the secret key), but you will be vulnerable if somebody steals your vault and master password from your device (just like the 1P user will be vulnerable if someone steals the vault and secret key from their device). If you need to log in on a new device, copy the stored master password (just like 1P users copy their secret key).

You just have to create a 10-word passphrase as your master password (for the same entropy as the 1P secret key), and store the master password in a file on your device (just like 1P stores the secret key in a file on your device), and finally, remain logged in at all times but use a weak PIN to unlock your vault (analogous to using a weak vault password in 1P). The thing is, for users who don't like to use strong vault passwords, Bitwarden actually supports the same workflow (as the secret key approach), with the same benefits.

Some say this isn't a big deal; some say the more data encrypted the better. In theory, Bitwarden's vault structure reveals a bit more meta information because of the way it's formatted. In 1Password's vault structure all I see are an encrypted header and an encrypted giant body for each entry, and I don't know what kind of data is saved for each entry. I can tell if an entry has a URL saved, a password saved, or a user name saved in a Bitwarden vault; I can also estimate the length of the password by how long the encrypted value is (limited value).


You can see the field names and field length in a Bitwarden vault, which in theory does give you some insight. Example. They took more of a "blob" approach to encryption, where the Bitwarden value structure shows the field name then the encrypted field data. Even the label names of the fields are unknown in 1Password. Also, the vault structure of 1Password encrypts more of the metadata.
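The length estimate described above, as an added example (not code from the original text or from either product): it reports which fields of a per-field-encrypted item are present and the plaintext length range each ciphertext implies. It assumes values use the `2.<iv>|<ciphertext>|<mac>` string form with AES-CBC and PKCS#7 padding; the sample item, its field names and its filler bytes are constructed.

```python
import base64

BLOCK = 16  # AES block size; CBC with PKCS#7 padding always adds 1..16 bytes

def _enc(ct_len):
    """Build a constructed type-2 string with filler bytes (not real ciphertext)."""
    b64 = lambda b: base64.b64encode(b).decode()
    return "2.%s|%s|%s" % (b64(b"\x11" * 16), b64(b"\x22" * ct_len), b64(b"\x33" * 32))

# Constructed sample item in the field-per-key layout the text describes.
SAMPLE_ITEM = {
    "name": _enc(16),
    "login": {"username": _enc(32), "password": _enc(16), "uri": _enc(48), "totp": None},
}

def plaintext_length_range(enc_string):
    """Return (min, max) plaintext bytes implied by the ciphertext length."""
    enc_type, _, rest = enc_string.partition(".")
    parts = rest.split("|")
    if enc_type != "2" or len(parts) != 3:
        raise ValueError("not a type-2 iv|ciphertext|mac string")
    ct = base64.b64decode(parts[1], validate=True)
    if len(ct) == 0 or len(ct) % BLOCK:
        raise ValueError("ciphertext is not a whole number of AES blocks")
    # n plaintext bytes pad to 16 * (n // 16 + 1), so n lies in this window.
    return (len(ct) - BLOCK, len(ct) - 1)

def visible_metadata(item, prefix=""):
    """Walk an item and report, per field, what is visible without any key."""
    report = {}
    for key, value in item.items():
        path = prefix + key
        if isinstance(value, dict):
            report.update(visible_metadata(value, path + "."))
        elif value is None:
            report[path] = "absent"
        else:
            report[path] = plaintext_length_range(value)
    return report

if __name__ == "__main__":
    for field, info in visible_metadata(SAMPLE_ITEM).items():
        print(field, info)
```

The window is 16 bytes wide, which is why the estimate is of limited value: a one-block password ciphertext only says the password is 15 bytes or shorter.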
