Does bitwarden use a salted hash for my password? article ref #2

2025-12-06 00:03:30 +00:00 · 2016-10-15 02:50:20 -04:00
parent 7d77988db9
commit 05fc89adfd
1 changed files with 19 additions and 0 deletions
--- a/_articles/security/password-salt-hash.md
+++ b/_articles/security/password-salt-hash.md
@@ -0,0 +1,19 @@
+---
+layout: article
+title: Does bitwarden use a salted hash for my password?
+category: Security
+featured: true
+popular: false
+tags: [encryption, hash]
+---
+
+Yes.
+
+bitwarden salts and hashes your master password with your email address on the client (your computer/device) before it is
+transmitted to our servers. Once the server receives the hashed password from your computer/device it is then salted
+again with a cryptographically secure random value, hashed again and stored in our database. This process is repeated
+every time you log in and hashes are compared.
+
+The hashing functions that are used are one way hashes. This means that they cannot be reverse engineered by anyone at
+bitwarden to reveal your true master password. In the hypothetical event that the bitwarden servers were hacked and your
+data was leaked, the data would have **no value** to the hacker.