|
|
|
|
|
|
by teekert
1915 days ago
|
|
|
And yet you are using a product at the whims of some remote/foreign party whom you have never met and is bound by a set of responsibilities and laws with which you are entirely unfamiliar. I get where you are coming from, but you clinking "update" in stead of the dev does not guarantee the safety of the update. |
|
|
I run a private fork of the bitwarden client, anyway. Their stock one partially trusts the iteration count of the PBKDF provided by the server, and can be tricked into sending a low-iteration hash of the master password.