Tuesday, May 1st, 2018
Update 2021-02-25: (Disclaimer: I’m not a cryptographer, and I’m not affiliated with or sponsored by Passbolt in any way, shape or form.) I’ve reviewed another Open Source personal and team password manager called Passbolt. Without going into a full review, its security looks impressive. Passbolt uses plain, old, trusted GPG with asymmetric public / private key encryption to encrypt and share secrets. Secrets are end-to-end encrypted, and a separate browser plugin is used for the client-side encryption. This (apparently) makes the crypto safer than plain Javascript client-side encryption (yada, yada, CSPRNG). This architecture is also more resilient against server-side breaches, as an attacker who gains access to the server cannot inject code into the plugin’s Javascript, given that the plugin is shipped separately from the server. The private key never leaves your client, as far as I can tell. The Open Source version does not support 2FA; however, it already requires the private key and a password (with which the private key is encrypted), so it is effectively two-factor by design. Passbolt is slightly less easy to use, but for team-based password sharing, I highly recommend it.
Update: Kyle Spearrin, the lead developer of Bitwarden, contacted me regarding this blog post. Some issues (unnecessary loading of resources from CDNs and disclosure of my email address to a third party without confirmation) have already been resolved. Mitigations for other issues were already in place, although I haven’t had time to confirm this yet. I’ll update this post with more details as soon as possible.
Bitwarden is an open source online password manager:
The easiest and safest way for individuals, teams, and business organizations to store, share, and sync sensitive data.
Bitwarden offers both a cloud hosted and on-premise version. Some notes on the scope of this blog post and disclaimers:
- I only looked at the cloud hosted version.
- This security review is not exhaustive; I only spent a few minutes reviewing various things.
- I’m not a security researcher, just a paranoid enthusiast. If you find anything wrong with this blog post, please contact me at ferry DOT boender (AT) gmaildotcom.
Here are my findings:
Encryption password sent over the wire
There appears to be no distinction between the authentication password and encryption password.
When logging in, the following HTTP POST is made to Bitwarden’s server:
That’s a base64 encoded password. (Don’t worry, I anonymized all secrets in this post; besides, it’s all throw-away passwords anyway.) Let’s see what it contains:
Okay, at least that’s not my plain text password. It is encoded, hashed or encrypted somehow, but I’m not sure how. Still, it makes me nervous that a value derived from my master password is being sent over the wire. The master password used for encryption should never leave a device, in any form. I would have expected two passwords here, perhaps: one for authentication and one for encryption, or at least a derivation scheme that keeps the encryption key strictly on the client.
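To make the distinction concrete, here is the separation the paragraph above asks for, written as an added example for this post (it is not Bitwarden’s code, and the iteration counts and the exact derivation steps are assumptions of the example, not Bitwarden’s real parameters). One password yields two values: a master key that stays on the client and encrypts the vault, and a one-way derivative of that key that is the only thing ever sent for login. The server salts and hashes the received value once more before storing it, so neither a captured login request nor a leaked database hands out the encryption key.

```python
import base64
import hashlib
import hmac
import os

# Illustrative iteration counts: an assumption for this example, not Bitwarden's real parameters.
CLIENT_ITERATIONS = 100_000
SERVER_ITERATIONS = 100_000


def derive_master_key(password, email):
    """Client side: the vault encryption key. It must never leave the device."""
    salt = email.strip().lower().encode("utf-8")  # normalized email as the salt
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, CLIENT_ITERATIONS, dklen=32)


def derive_auth_hash(master_key, password):
    """Client side: one more one-way step over the master key. Only this value is sent for login;
    a server (or an eavesdropper) holding it cannot walk back to the master key."""
    return hashlib.pbkdf2_hmac("sha256", master_key, password.encode("utf-8"), 1, dklen=32)


def build_login_payload(email, password):
    """What goes over the wire. The master key is derived here but deliberately not included."""
    master_key = derive_master_key(password, email)
    auth_hash = derive_auth_hash(master_key, password)
    return {"username": email, "password": base64.b64encode(auth_hash).decode("ascii")}


def server_register(auth_hash):
    """Server side: salt and hash the received auth hash again before storing it."""
    salt = os.urandom(16)
    stored = hashlib.pbkdf2_hmac("sha256", auth_hash, salt, SERVER_ITERATIONS, dklen=32)
    return salt, stored


def server_verify(salt, stored, presented_b64):
    """Server side: recompute from the presented value and compare in constant time."""
    presented = base64.b64decode(presented_b64)
    candidate = hashlib.pbkdf2_hmac("sha256", presented, salt, SERVER_ITERATIONS, dklen=32)
    return hmac.compare_digest(candidate, stored)


def payload_contains_master_key(email, password):
    """The property this post asks for: the login payload must not carry the encryption key."""
    master_key = derive_master_key(password, email)
    wire_bytes = base64.b64decode(build_login_payload(email, password)["password"])
    return master_key in wire_bytes
```

Two caveats remain even with this layout. Whoever captures the auth hash can still run an offline guessing attack against a weak master password, because both values are deterministic functions of it. And none of it helps if the Javascript doing the derivation is under an attacker’s control, which is the concern the rest of this post is about.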
The reason it was implemented this way is probably because of the “Organizations” feature, which lets you share passwords with other people. Sharing secrets among people is probably hard to do in a secure way. I’m no cryptography expert, but there are probably ways to do this more securely using asymmetric encryption (public and private keys), which Bitwarden doesn’t appear to be using.
Bitwarden has a FAQ entry about its use of encryption, which claims that passwords are never sent over the wire unencrypted or unhashed:
Bitwarden always encrypts and/or hashes your data on your local device before it is ever sent to the cloud servers for syncing. The Bitwarden servers are only used for storing encrypted data. It is not possible to get your unencrypted data from the Bitwarden cloud servers.
The FAQ entry on hashing is also relevant:
Bitwarden salts and hashes your master password with your email address on the client (your computer/device) before it is transmitted to our servers. Once the server receives the hashed password from your computer/device it is then salted again with a cryptographically secure random value, hashed again and stored in our database. This process is repeated and hashes are compared every time you log in.
The hashing functions that are used are one way hashes. This means that they cannot be reverse engineered by anyone at Bitwarden to reveal your true master password. In the hypothetical event that the Bitwarden servers were hacked and your data was leaked, the data would have no value to the hacker.
However, there’s a major caveat here which they don’t mention. All of the encryption is done client-side by Javascript loaded from various servers and CDNs. This means that an attacker who gains control over any of these servers (or man-in-the-middles them somehow) can inject any Javascript they like and obtain your password that way.
Indiscriminate allowance / loading of external resources
The good news is that Bitwarden uses Content-Security-Policy. The bad news is that it allows the loading of resources from a variety of untrusted sources. uMatrix shows the type of resources it’s trying to load from various sources:
Here’s what the Content-Security-Policy looks like:
Roughly translated, it allows indiscriminate loading and executing of scripts, css, web workers (background threads) and inclusion of framed content from a wide variety of untrusted sources such as CDNs, Paypal, Duosecurity, Braintreegateway, Google, etc. Some of these I know, some I don’t. Trust I have in none of them.
It would take too long to explain why this is a bad idea, but the gist of it is that the more resources you load and allow from different sources, the bigger the attack surface becomes. Perhaps these are perfectly secure (right now…), but an important part of security is the developers’ security mindset. Some of these resources could easily have been hosted on the same origin. Some of these resources should only be allowed to run on payment pages. It shows sloppy configuration of the Content-Security-Policy, namely a site-wide policy set in the web server (probably) rather than being determined on a URL-by-URL basis.
The actual client-side encryption library is loaded from vault.bitwarden.com, which is good. However, the (possibility of) inclusion of scripts from other sources negates any security benefits of doing so.
The inclusion of Google analytics in a password manager is, in my opinion, inexcusable. It’s not required functionality for the application, so it shouldn’t be in there.
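The check I would actually run against a policy like the one described above, as an added example for this post (not Bitwarden’s code, and the sample header below is constructed for illustration, not Bitwarden’s real policy). It parses a Content-Security-Policy value, follows the CSP fallback chain for each directive that can pull code or framed content into the page, and reports every source expression that widens the attack surface: third-party hosts, wildcard subdomains, scheme-only sources such as `https:` or `blob:`, the `'unsafe-inline'` / `'unsafe-eval'` keywords, and directives that are left unrestricted because nothing covers them. The `vault.bitwarden.com` first-party suffix is an assumption for the example.

```python
import re
from urllib.parse import urlsplit

# Directives through which third-party code or content can reach the page.
CODE_DIRECTIVES = ("script-src", "style-src", "worker-src", "frame-src")
# CSP3 fallback chains consulted when a directive is absent.
FALLBACKS = {
    "script-src": ("default-src",),
    "style-src": ("default-src",),
    "worker-src": ("child-src", "script-src", "default-src"),
    "frame-src": ("child-src", "default-src"),
}
RISKY_KEYWORDS = ("'unsafe-inline'", "'unsafe-eval'", "*")
SCHEME_ONLY = re.compile(r"[A-Za-z][A-Za-z0-9+.\-]*:")

# Constructed sample header for this example; NOT Bitwarden's real policy.
SAMPLE_CSP = (
    "default-src 'self'; "
    "script-src 'self' https://cdn.example.net https://www.google-analytics.com 'unsafe-inline'; "
    "style-src 'self' https://cdn.example.net 'unsafe-inline'; "
    "worker-src 'self' blob:; "
    "frame-src 'self' https://*.paymentprovider.example; "
    "img-src 'self' data: https:"
)


def parse_csp(header):
    """Split a policy string into {directive: [source expressions]}."""
    policy = {}
    for clause in header.split(";"):
        parts = clause.split()
        if parts:
            policy[parts[0].lower()] = parts[1:]
    return policy


def effective_sources(policy, directive):
    """Sources that actually govern a directive after fallbacks; None means unrestricted."""
    if directive in policy:
        return policy[directive]
    for fallback in FALLBACKS.get(directive, ()):
        if fallback in policy:
            return policy[fallback]
    return None


def classify_source(source, first_party_suffixes):
    """Return (kind, detail) with kind in {'ok', 'keyword', 'scheme', 'third-party'}."""
    s = source.strip()
    if s in ("'self'", "'none'") or s.startswith(("'nonce-", "'sha256-", "'sha384-", "'sha512-")):
        return "ok", s  # nonces and hashes pin specific scripts; 'self' stays on-origin
    if s in RISKY_KEYWORDS:
        return "keyword", s
    if SCHEME_ONLY.fullmatch(s):
        return "scheme", s
    wildcard = "*." in s
    bare = s.replace("*.", "", 1)
    host = urlsplit(bare).hostname if "://" in bare else bare.split("/")[0].split(":")[0]
    host = (host or "").lower()
    if any(host == suf or host.endswith("." + suf) for suf in first_party_suffixes):
        return "ok", host
    return "third-party", host + (" (any subdomain)" if wildcard else "")


def audit_csp(header, first_party_suffixes=("vault.bitwarden.com",)):
    """List (directive, source, reason) for each source that widens the attack surface."""
    policy = parse_csp(header)
    findings = []
    for directive in CODE_DIRECTIVES:
        sources = effective_sources(policy, directive)
        if sources is None:
            findings.append((directive, None, "no applicable directive: unrestricted"))
            continue
        for source in sources:
            kind, detail = classify_source(source, first_party_suffixes)
            if kind == "keyword":
                findings.append((directive, source, f"{detail} permits inline/arbitrary code"))
            elif kind == "scheme":
                findings.append((directive, source, f"scheme-only source {detail} permits any URL of that scheme"))
            elif kind == "third-party":
                findings.append((directive, source, f"third-party host {detail}"))
    return findings


def third_party_hosts(header, first_party_suffixes=("vault.bitwarden.com",)):
    """Sorted list of external hosts allowed to supply code, styles, workers or frames."""
    hosts = set()
    for _, source, _ in audit_csp(header, first_party_suffixes):
        if source is not None:
            kind, detail = classify_source(source, first_party_suffixes)
            if kind == "third-party":
                hosts.add(detail.split(" ")[0])
    return sorted(hosts)
```

Run it against the header your own deployment sends (curl -sI the vault URL and feed the `Content-Security-Policy` value in); a policy that loads its crypto from one origin but still lists analytics or payment CDNs under `script-src` shows up as a third-party finding on exactly the directive that matters, which is the point made above about allow-lists being set site-wide instead of per URL.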
New password entry is sent securely
When adding a new authentication entry, the entry appears to be client-side encrypted in some way before sending it to the server:
It’s base64 again, and decodes into the same obscure binary string as the password when logging in. I have not spent time looking at how exactly the encoding / encryption is happening, so I cannot claim that this is actually secure. So keep that in mind. It does give credence to Bitwarden’s claims that all sensitive data is encrypted client-side before sending it to the server.
Disclosure of my email address to a third party without my consent
I clicked on the “Data breach report” link on the left, and Bitwarden immediately sent my email address to https://haveibeenpwned.com. No confirmation, no nothing; it was disclosed to a third party immediately. Well, actually, since I use uMatrix to firewall my browser, it wasn’t and I had to explicitly allow it to do so, but even most security nerds don’t use uMatrix.
That’s not cool. Don’t disclose my info to third parties without my consent.
Developer mindset
One of, if not the, most important aspects is the developer mindset. That is, do they care about security and are they knowledgeable in the field?
Bitwarden appears to know what they’re doing. They have a security policy and run a bug bounty program. Security incidents appear to be solved quickly. I’d like to see more documentation on how the encryption, transfer and storage of secrets works. Right now, there are some FAQ entries, but it’s all promises that give me no insight into where and how the applied security might break down.
One thing that bothers me is that they do not disclose any of the security trade-offs they made and how they impact the security of your secrets. I’m always wary when claims of perfect security are made, whether explicitly or by omission of information. There are obvious problems with client-side Javascript encryption, which every developer and user with a reasonable understanding of web development recognises. No mention of this is made. Instead, security concerns are waved away with “everything is encrypted on your device!”. That’s nice, but if attackers can control the code that does the encryption, all is lost.
Please note that I’m not saying that client-side javascript encryption is a bad decision! It’s a perfectly reasonable trade-off between the convenience of being able to access your secrets on all your devices and a more secure way of managing your passwords. However, this trade-off should be disclosed prominently to users.
Conclusion
So, is Bitwarden (Cloud) secure and should you use it? Unfortunately, I can’t give you any advice. It all depends on your requirements. All security is a tradeoff between usability, convenience and security.
I did this review because my organisation is looking into a self-hosted Open Source password manager to manage our organisation’s secrets. Would I use this to keep my personal passwords in? The answer is: no. I use an offline Keepass, which I manually sync from my laptop to my phone every now and then. This is still the most secure way of managing passwords that I do not need to share with anyone. However, that’s not the use-case that I reviewed Bitwarden for. So would I use it to manage our organisation’s secrets? Perhaps, the jury is still out on that. I’ll need to look at the self-hosted version to see if it also includes Javascript from unreliable sources. If so, I’d have to say that, no, I would not recommend Bitwarden.
Password safes are maybe one of the most important tools these days when it comes to security in our online life. I use them every day, multiple times and already wrote about it here. You can go for my KeePass article or the LastPass article of my co-author Alex.
All in all, I want to compare these password safes now in a few fields like UX, official support, security, pricing, and licensing.
LastPass
LastPass is maybe the most popular password safe in the world and very good at their marketing. They provide a modern UI and have clients for all major platforms, including modern browsers as well as a desktop and a CLI application.
UX
From a UX perspective, LastPass is for sure the most user-friendly service in this comparison. The modern design allows very intuitive usage, and since they provide clients for all browsers as well as your smartphone, you can also easily integrate it into your daily web workflow.
Official support
Since LastPass provides ready-to-use clients for all kinds of platforms, it also supports them officially, which means people don’t have to trust another 3rd-party tool.
But they also provide an API so 3rd party tools can be written, which makes it nice to integrate LastPass with own applications.
Security
When it comes to security, LastPass becomes a bit difficult. Multiple security flaws in LastPass were published in the past few months. They are fixed now (as far as I know), but one of them built on a previous one, so the security work is maybe not perfect. On the other hand, they fixed these issues very fast.
Anyway, they run a bug bounty for security flaws, which helps to improve the security of the program and makes it less attractive to abuse security problems.
Last but not least, many people have concerns about storing their passwords in a cloud. Right now, LastPass doesn’t support local-only use, and the only way to sync passwords is to use their cloud service.
Pricing
LastPass provides a free as well as a paid version of their service. The paid service costs $2 per month, which means $24 for a year. That’s pretty cheap and allows you to access additional security features as well as the usage of the desktop client with native fill-in to desktop applications.
I personally used it without a paid subscription. The free version was okay, for me.
There are additional plans for business use-cases and organizations.
License
As a FOSS person the license is important to me, and here LastPass is a disappointment because it’s totally proprietary: both the servers and the clients.
The only client project they provide under a free license is the lastpass-cli, and it’s published under GPL-2.0.
Rating
UX: ✱✱✱✱✱
Official support: ✱✱✱✱✱
Security: ✱✱✱
Pricing: ✱✱✱
License: ✱
Bitwarden
Bitwarden is an awesome password safe project. It works similarly to LastPass but is 100% FOSS. Clients, as well as servers, are provided under GPL or AGPL, and it provides a modern UI.
UX
From a UX perspective, Bitwarden is very intuitive for non-tech users. They also provide a very understandable help section on their website, which allowed me to migrate from LastPass to Bitwarden in less than 5 minutes.
But they are still a young company with a lot of products, which sometimes lets you run into a dead end. So it’s already easy to use, but some places still need work.
Official support
Right now, Bitwarden provides a web-extension for all major browsers including the tor browser. They also provide a mobile app and web access to your vault on their web page as an in-browser app.
A native desktop application as well as a CLI version are planned but not finished yet.
Security
Here it comes to a problem.
Like LastPass, Bitwarden is built around a server-hosted vault. Of course, the entries are encrypted with your master password and they also allow 2-factor authentication, but I couldn’t find any security audit of their backend.
The good news is: Their backend is open-source as well, so you can host and audit it yourself.
So this is now a question of trust. If you are interested in this topic you can easily follow the GitHub issue about it.
Update 2018-11-12: There is now a security audit along with a blog article about it.
Pricing
For private people, Bitwarden provides two plans. The free plan is the default plan and includes all basic features. It’s comparable to LastPass free plan, but without ads and you can use all applications including the upcoming desktop application.
The premium plan only costs $10 a year and is way cheaper than LastPass. It provides additional features like extended 2FA features for login to your password safe, 1GB storage and priority support.
As with LastPass, I stayed on the free plan.
There are additional plans for business use-cases and organizations.
License
From the licensing perspective, I love Bitwarden.
All of their applications are provided under a free license: GPL-3.0 or AGPL-3.0.
But some features require a premium license to use. I’m not sure how this works and how it interacts with the AGPL, but if you want to follow the GitHub issue, you’ll probably learn it.
Rating
UX: ✱✱✱✱
Official support: ✱✱✱✱
Security: ✱
Pricing: ✱✱✱✱
License: ✱✱✱
Update 2018-11-12: The security rating is definitely no longer correct. I would tend to put it at 4-5 stars from today on. Please note that, due to the nature of the article, I’m not going to change the rating, since this would require me to rework the whole thing for each password manager.
KeePass
KeePass! The first password safe I used, and very popular from the old times. It’s basically completely offline and designed as a standalone application. It provides rock solid and proven security and has a standardized file format called .kdbx.
It’s provided for all major Linux distributions as well as Windows and MacOS.
UX
From a UX perspective, KeePass is very old school. It looks like a Windows XP application, but once you have created your password file it’s very straightforward. You create a new entry, get a pre-generated password and simply add the details you need to identify the password later. You can also add a web address or similar, where you want to use the password. Once you have done that, you press save and it’s done.
KeePass is very extensible as I already mentioned in my previous article. When you use plugins it becomes a bit difficult. You need to install them into the right location and since they are all 3rd-party you have to trust the authors or check them yourself.
Official support
KeePass provides an awesome collection of plugins on their web page, but you have to keep in mind that none of them is officially supported. If they work, fine; if not, well, not a KeePass problem.
But what KeePass provides by default is auto-type into most applications, by simply sending the key presses to the application.
When it comes to supported platforms, they list various Linux distributions as well as Windows and MacOS. But of course, since .NET is built by Microsoft, the best KeePass experience is on Windows.
Since the KeePass file format is standardized, there are various alternative applications that can read and write .kdbx files.
Security
When it comes to security, KeePass is one of the most secure applications in this comparison. It doesn’t use any cloud by default and lets you protect your database with both a master password and a cryptographic key file. This way, even when your password database is stolen, it’s far more secure than the usual master-password-only setup that LastPass and Bitwarden provide, where the second factor only gates access to the database on their server: once an attacker holds a copy of the encrypted vault, that second factor is no longer in the way and only the master password stands between them and the contents.
You can keep this key file on a USB device and carry it around with you, so even when your notebook is stolen your passwords are safe.
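What the key file buys you, shown as an added example for this article rather than KeePass’s own code: the database key is derived from both the password and the key file, so an attacker who has only the stolen .kdbx (and not the USB stick) gets the wrong key even when their dictionary contains the right password. The component layout is modelled on KeePass’s composite key (SHA-256 over the concatenated component hashes) but should be treated as an assumption of the example; the iterated-SHA-256 stretching stands in for KeePass’s AES-KDF/Argon2 transformation so the example stays self-contained.

```python
import hashlib
import os

# Assumed round count for key stretching in this illustration (KeePass uses AES-KDF or Argon2;
# iterated SHA-256 is substituted here so the example runs with the standard library only).
TRANSFORM_ROUNDS = 10_000


def make_key_file():
    """A key file is just high-entropy random bytes; keep it on a separate device."""
    return os.urandom(32)


def composite_key(password, key_file=None):
    """Combine the password and the optional key file into one key.
    Layout modelled on KeePass (SHA-256 over the concatenated component hashes);
    treat the exact layout as an assumption of this example, not a spec."""
    parts = [hashlib.sha256(password.encode("utf-8")).digest()]
    if key_file is not None:
        parts.append(hashlib.sha256(key_file).digest())
    return hashlib.sha256(b"".join(parts)).digest()


def stretch(key, rounds=TRANSFORM_ROUNDS):
    """Stand-in for KeePass's key transformation: slows every guess by a constant factor."""
    for _ in range(rounds):
        key = hashlib.sha256(key).digest()
    return key


def database_key(password, key_file=None):
    """The key that ultimately protects the .kdbx contents."""
    return stretch(composite_key(password, key_file))


def offline_attack(target_key, wordlist, key_file=None):
    """An attacker holding a copy of the database tries each candidate password.
    Returns the recovered password, or None. Without the key file, even the
    correct password produces the wrong key, so the wordlist never matches."""
    for candidate in wordlist:
        if database_key(candidate, key_file) == target_key:
            return candidate
    return None
```

The flip side is worth remembering: the key file is a second secret, not a second factor you can revoke. Keep a backup of it somewhere the laptop is not, and never store it alongside the database, or the extra protection disappears the moment both are copied together.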
Pricing
KeePass is free. And since it’s a local program only, there is neither a cloud version nor any premium features.
But of course, they love donations: https://keepass.info/donate.html
License
KeePass is a wonderful free & open source software. 100% GPL-2
Rating
UX: ✱✱✱
Official support: ✱✱✱
Security: ✱✱✱✱✱
Pricing: ✱✱✱✱✱
License: ✱✱✱✱✱
Pass - The password store
Pass is a command line-based password safe that manages all your passwords in a git repository encrypted with your GPG key.
So if you are familiar with both technologies, it’s a perfect solution.
UX
Since pass is a command line utility, it’s not a good fit for non-tech people who jump out of the window when a black box with white letters appears on their screen.
But for those who are familiar with git, it’s super easy to use. pass generate <someidentifier> generates a password, encrypts it with your GPG key, stores it, and commits it to the repository in one step. As identifier, it’s recommended to use a webpage.tld/username scheme, but that’s it.
It also allows you to store normal files in it. Simply use the -m flag. This, as well as editing an existing password, will open your default editor (in my case vim) with the file content and let you insert all you need.
And since it uses git as data store, you can simply move your passwords around as any other git repository. For example, I use a private GitHub repository as my personal password cloud storage.
Official support
Pass is a command line tool only, so its feature set also revolves around the CLI. But everyone who uses the command line on a daily basis knows the power of UNIX. And that’s why there exist a lot of other tools that simply take the output and pass it to your target application: a browser, another CLI tool, even Ansible has a wonderful integration for pass.
Security
When it comes to security, it’s as secure as gpg and git. Both are very well known and widely used programs and proven to be secure.
And since it encrypts every entry individually with asymmetric encryption to your GPG key, it’s maybe even more secure than KeePass with a key file. Keep in mind that the security still rests on the GPG private key and the passphrase protecting it, and that git only provides storage and history, not confidentiality: a leaked repository exposes the encrypted files together with the entry names, since each entry is stored as a file named after its identifier.
Pricing
It’s free. No premium features, no cloud storage.
License
It’s free and open source software. Licensed under GPL-2.0+.
Rating
UX: ✱✱
Official support: ✱✱
Security: ✱✱✱✱✱
Pricing: ✱✱✱✱✱
License: ✱✱✱✱✱
Conclusion
All in all, all password safes are usable. LastPass and Bitwarden are very easy to use and something I would suggest to my parents, while KeePass is a bit more difficult to use and, of course, they don’t provide an official plugin for browsers.
Pass itself is not ideal for people who don’t like CLIs. But there are various 3rd-party GUIs and nice integrations made by the active community. So maybe they are better for you.
I have used all of these password safes for a while. I switched from LastPass to Bitwarden for my typical browser passwords, because I like the fact that it is Open Source. I use KeePass for my very sensitive passwords and recovery keys, and pass for everything I deploy with Ansible. So there are many different use cases out there.
Which password safe is the perfect one for you? That is a question you have to answer yourself. But once you decide which one it is, let me know in the comment section.
Keep your passwords safe!
Bitwarden Security Review
Update 2018-11-12: Please note that the updates to Bitwarden are not taken into account in the conclusion, since I’m not going to rework the entire article.