Comment on Password managers are less secure than promised
iglou@programming.dev 1 week ago
If the password manager server is hacked and compromised, then syncing your passwords with the compromised server will lead to compromised passwords (duh)
No, not “duh”. The right way to do this is client-side encryption/decryption. The server then does not at any moment know anything about your passwords.
felbane@lemmy.world 1 week ago
This is what Bitwarden claims to do, and yet we have a paper showing that with a compromised server there exists a vulnerability.
iglou@programming.dev 1 week ago
What they claim to do and what they do are not necessarily the same. If done properly, the server does not need to be trusted.