bitwarden/help
1
0
Fork 0
mirror of https://github.com/bitwarden/help synced 2025-12-06 00:03:30 +00:00
Code Issues Releases Wiki Activity

added references to Bitwarden Crypto, clarified AES-CBC, and specifie… (#161)

Browse Source 
* added references to Bitwarden Crypto, clarified AES-CBC, and specified encryption for org/collection keys

* updated Organization key information
This commit is contained in:
Trey Greer
2020-08-19 16:46:03 -04:00
committed by GitHub
parent 750552db8d
commit ded3ebdc88
1 changed files with 6 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
_articles/security/what-encryption-is-used.md
View File

@@ -7,11 +7,11 @@ popular: false
tags: [encryption]
---
Bitwarden uses [AES][aes]{:target="blank"} 256 bit encryption as well as [PBKDF2][pbkdf2]{:target="blank"} to secure your data.
Bitwarden uses [AES-CBC][aes]{:target="blank"} 256 bit encryption as well as [PBKDF2][pbkdf2]{:target="blank"} to secure your data.
[AES][aes]{:target="blank"} is a standard in cryptography and used by the US government and other government agencies around the world for protecting top secret data. With proper implementation and a strong encryption key (your master password), AES is considered unbreakable.
[AES-CBC][aes]{:target="blank"} is a standard in cryptography and used by the US government and other government agencies around the world for protecting top secret data. With proper implementation and a strong encryption key (your master password), AES is considered unbreakable.
[PBKDF2][pbkdf2]{:target="blank"} SHA-256 is used to derive the encryption key from your master password. This key is then salted and hashed. The default iteration count used with PBKDF2 is 100,001 iterations on the client (this client-side iteration count is configurable from your account settings), and then an additional 100,000 iterations when stored on our servers (for a total of 200,001 iterations by default).
[PBKDF2][pbkdf2]{:target="blank"} SHA-256 is used to derive the encryption key from your master password. This key is then salted and hashed. The default iteration count used with PBKDF2 is 100,001 iterations on the client (this client-side iteration count is configurable from your account settings), and then an additional 100,000 iterations when stored on our servers (for a total of 200,001 iterations by default). The Organization key is shared via [RSA-2048][rsa]{:target="blank"}.
Bitwarden does not write any cryptographic code. Bitwarden only invokes crypto from popular and reputable crypto libraries that are written and maintained by cryptography experts. The following crypto libraries are used:
@@ -26,8 +26,11 @@ Bitwarden does not write any cryptographic code. Bitwarden only invokes crypto f
Bitwarden **always** encrypts and/or hashes your data on your local device before it is ever sent to the cloud servers for syncing. The Bitwarden servers are only used for storing encrypted data. It is not possible to get your unencrypted data from the Bitwarden cloud servers.
For examples of how this encryption is used, please visit our [cryptography example page.](https://bitwarden.com/help/crypto.html)
[aes]: https://en.wikipedia.org/wiki/Advanced_Encryption_Standard
[pbkdf2]: https://en.wikipedia.org/wiki/PBKDF2
[rsa]: https://en.wikipedia.org/wiki/RSA_numbers#RSA-2048
[forge]: https://github.com/digitalbazaar/forge
[webcrypto]: https://w3c.github.io/webcrypto/Overview.html
[bouncy]: http://www.bouncycastle.org/csharp/