by Macha 1915 days ago
> It's good for personal passwords, but Bitwarden itself offers free service so there's no need to venture down the self-hosted road.

It's a trust issue. I don't trust my passwords on someone else's server. I don't trust free services to remain free forever. I don't trust paid services to not increase the fees 4x over a few years.

The alternative to bitwarden_rs or bitwarden/server is not bitwarden.com for me given the areas I'm concerned with, it's going back to KeePass + Syncthing.

I think the reticence to provide the group features in bitwarden_rs may come from being unwilling to too blatantly step on the toes of Bitwarden LLC by producing a $0 drop-in alternative to their paid service. bitwarden_rs is open source and bitwarden/server is _mostly_ open source (some SSO-related features are not), so it seems worthwhile to get along and not need to fork the ecosystem.


> It's a trust issue. I don't trust my passwords on someone else's server.

They don't have your decryption key, therefore they save encrypted blobs and have no means to obtain your password. This takes care of the trust issue - it simply is not an issue and never will be.

Even if a malicious employee does something out of the ordinary or a "hacker" gets the database, they still have the impossible task of breaking the encryption (which for all intents and purposes is impossible as of right now).

This returns us back to my starting point - there's *no objective* reason to use bitwarden_rs, apart from curiosity and/or convenience. I'm not saying it SHOULD not be used. We are all free to make choices as we see fit and don't need to justify them, however the reasons you listed are not reasons at all because the concerns you have don't exist.

> ...therefore they save encrypted blobs and have no means to obtain your password.

Sure they do. The web vault. Plenty of functionality isn't available anywhere else.

> however the reasons you listed are not reasons at all because the concerns you have don't exist.

You've only attempted to address 1 of 3, and the other reply indicates that there are absolutely attack vectors from bitwarden.com if Bitwarden LLC wanted to, was forced to, or was compromised.

Agreed, especially with how easy bitwarden_rs is to deploy (I wrote a three-line file and deployed it to my Dokku server and that was it).