[echanfsw]

>On a less positive note, the assessment of the deployed cryptographic design led to the discovery of certain issues that must be addressed in due course. One was rated “Critical” because a malicious vault could obtain and modify organization items. This approach relied on MitM attack described in BWN-01-008. The overall code quality of the crypto implementations was deemed to be overly complex and frequently misleading, which led to reporting a false positive issue (see BWN-01-011). More generally, cryptographic libraries of the Bitwarden compound have not yet been optimized. They particularly need to be simplified as unnecessary complexity can lead to problems.

>To reiterate, the results of this autumn 2018 assessment are positive for the client and code. Sadly, the same thing cannot be stated for the current cryptographic scheme in use. Given the number and range of issues discovered, it seems necessary that a re-design takes place. This needs to reassess how certain features are implemented and ensure that the overall cryptography stands strong against the attackers’ efforts.

Um. Is this not worrying to people?

[xxkylexx]

@Aquakor I am the lead developer of Bitwarden and was intimately involved in the security audit mentioned. I can understand that those two paragraphs may seem a bit concerning out of context. To provide more context, there were several points discussed between the Bitwarden developers and the auditing team about how we could redesign specific features (ex. organization user confirmations) so that the crypto implementations would be stronger and more resilient against certain attack vectors. A consensus was reached and that is what is being referenced here about re-designing things.

The purpose of an audit like this is to find issues. When issues are found, that is a good thing. We want to find problems so that they can be fixed. What would be bad is if we found issues that could not be properly fixed, or an abnormally large number of issues, neither of which was the case with Bitwarden. What I can tell you is that all issues referenced in this audit have already been resolved in very short order (the audit was only completed just last week), with relatively simple fixes, and that Bitwarden is even safer to use today than it was before.

[tmd83]

Can anyone knowledgeable comment on this. Right now I'm using enpass and trying to wonder if BitWarden would be better. Enpass has some issues when if sync fails it doesn't really report that (for me at least). I also have had some issues when I'm in a trusted machine (at work) but not my own when having a web-vault access might be good.

On the other hand I do love the no cloud mode of enpass which potentially of makes it slightly more secure (a cloud for password storage would be a juicy target). It also means I have a local backup of all my password in my devices in case of some issue including bitwarden web vault being down.

[kitotik]

yeah, that seems like the sort of thing you would never want to hear from an audit. the only thing worse would be known breaches.

[jammygit]

Is it good to release this audit so soon? Wouldn't it have been better to release it in 1-3 months after they fixed the issues so that they don't alert attackers that there's an opportunity? Actually curious what the best practice is and why it is so.