Vaultwarden vs KeePassXC for extreme security
fedilink
39
Vaultwarden vs KeePassXC for extreme security
fedilink

I was thinking about how all of my passwords are compromised if I have malware on my system. It made me wonder, does Vaultwarden or KeePassXC/KeePassDX offer better protection on a malware infected system?

Vaultwarden

  • Only accessed locally via LAN/VPN
  • Set up for 2 factor authentication using WebAuthn (FIDO)

KeePasssXC/KeePassDX

  • Synced locally via syncthing
  • Set up for 2 factor authentication using HMAC-SHA1 Challenge-Response
  • All clients blocked from internet access

I don’t use browser extensions and I manually copy/paste my passwords to fill in entries.

KeePass has good memory protection, but the 2FA can be read from USB and doesn’t change every time the database is decrypted. Vaultwarden enables the more secure FIDO2 2FA, but to my knowledge has less secure memory management as the entire entire database is decrypted on unlock.

Daniel Hall
link
fedilink
14d

Maybe I’m misunderstanding something then, what’s the private key embedded within the client API’s profile response?

Pup Biru
link
fedilink
13d

which endpoint are you referring to?

there are passwords exchanged when using the vault management API, but AFAIK that’s for local access (eg CLI talking to the app)

i’m no expert on the specifics of the API; just in the description they give: https://bitwarden.com/help/what-encryption-is-used/

Bitwarden always encrypts and/or hashes your data on your local device before anything is sent to cloud servers for storage. Bitwarden servers are only used for storing encrypted data.

PBKDF2 SHA-256 is used to derive the encryption key from your master password

this is exactly the way this should be done. any deviation from this formula by a password manager with a server component should be viewed with extreme scepticism

Create a post

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

  • Posting a link to a website containing tracking isn’t great, if contents of the website are behind a paywall maybe copy them into the post
  • Don’t promote proprietary software
  • Try to keep things on topic
  • If you have a question, please try searching for previous discussions, maybe it has already been answered
  • Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
  • Be nice :)

Related communities

much thanks to @gary_host_laptop for the logo design :)

  • 0 users online
  • 124 users / day
  • 1.05K users / week
  • 1.3K users / month
  • 4.58K users / 6 months
  • 1 subscriber
  • 3.54K Posts
  • 89.4K Comments
  • Modlog