mirror of https://github.com/bitwarden/help synced 2025-12-06 00:03:30 +00:00
help/_articles/security/what-encryption-is-used.md
fred_the_tech_writer 906e2ca0dd Promote to Master (#748)
* initial commit

* adding quotes for the array error

* Create Gemfile

* Create Gemfile.lock

* add .nvmrc and .node-version

* removed /article from URL

* update links to work with netlify

* more fixed links

* link fixes

* update bad links

* Update netlify.toml

toml test for redirects

* article redirect

* link fixes

* Update index.html

* Update netlify.toml

* Update _config.yml

* Update netlify.toml

* Update netlify.toml

* Update netlify.toml

* Update netlify.toml

* Update netlify.toml

* add article back into URL for launch

* Update netlify.toml

* Update netlify.toml

* add order to categories front matter

* Update netlify.toml

* update

* sidemenu update

* Revert "sidemenu update"

This reverts commit 5441c3d35c.

* update order prop

* Navbar updates per Gary and compiler warnings

* font/style tweaks

* Update sidebar.html

* Stage Release Documentation (#739)

* initial drafts

* rewrite Custom Fields article to prioritize new context-menu option & better organize ancillary information

* edit

* edit

* Custom Field Context Menu & CAPTCHA item in release notes

* SSO relink event

* update rn

* small edits

* improve release notes titles

* fix side menu

* Edits courtesy of mportune!

* update order

* link fixes

* link cleanup

* image updates and a link

* fix trailing slash

Co-authored-by: DanHillesheim <79476558+DanHillesheim@users.noreply.github.com>
2021-09-21 13:21:11 -04:00

3.8 KiB

| layout | title | categories | featured | popular | tags | order | redirect_from |
| --- | --- | --- | --- | --- | --- | --- | --- |
| article | Encryption | security | true | false | encryption | 03 | /article/password-salt-hash/, /article/how-is-data-securely-transmitted-and-stored/ |

Bitwarden uses AES-CBC 256-bit encryption for your Vault data, and PBKDF2 SHA-256 to derive your encryption key.

Bitwarden always encrypts and/or hashes your data on your local device before anything is sent to cloud servers for storage. Bitwarden servers are only used for storing encrypted data. For more information, see Storage.

Vault data can only be decrypted using the key derived from your master password. Bitwarden is a zero knowledge solution, meaning you are the only party with access to your key and the ability to decrypt your Vault data.

{% callout success %} We encourage you to visit our Interactive Cryptography Page to see for yourself how Bitwarden encrypts your data.

If you'd like to learn more about how these encryption keys are used to protect your Vault, you can also check out our Security Whitepaper. {% endcallout %}

AES-CBC

AES-CBC (Cipher Block Chaining), used to encrypt Vault data, is a standard in cryptography and is used by the US government and other government agencies around the world for protecting top-secret data. With proper implementation and a strong encryption key (derived from your master password), AES is considered unbreakable.

PBKDF2

PBKDF2 SHA-256 is used to derive the encryption key from your master password. Bitwarden salts and hashes your master password with your email address locally, before transmission to our servers. Once a Bitwarden server receives the hashed password, it is salted again with a cryptographically secure random value, hashed again, and stored in our database.

The default iteration count used with PBKDF2 is 100,001 iterations on the client (client-side iteration count is configurable from your account settings), and then an additional 100,000 iterations when stored on our servers (for a total of 200,001 iterations by default). The Organization key is shared via RSA-2048.

The utilized hash functions are one-way hashes, meaning they cannot be reverse engineered by anyone at Bitwarden to reveal your master password. Even if Bitwarden were to be hacked, there would be no method by which your master password could be obtained.
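The two-stage derivation described in this section, as an added Python example (not Bitwarden's own code). The iteration counts and the email salt come from the text above; the 32-byte output length, the email normalisation, the 16-byte server salt, the use of PBKDF2 for the server-side hash, and the `derive_login_hash` step that keeps the encryption key itself on the device are assumptions of this example.

```python
import hashlib
import hmac
import os

CLIENT_ITERATIONS = 100_001  # client-side default stated on the page
SERVER_ITERATIONS = 100_000  # additional server-side iterations stated on the page


def derive_master_key(master_password: str, email: str,
                      iterations: int = CLIENT_ITERATIONS) -> bytes:
    """Client: PBKDF2-SHA256 over the master password, salted with the email."""
    salt = email.strip().lower().encode("utf-8")  # normalisation is an assumption
    return hashlib.pbkdf2_hmac("sha256", master_password.encode("utf-8"),
                               salt, iterations, dklen=32)


def derive_login_hash(master_key: bytes, master_password: str) -> bytes:
    """Client: value sent for login, distinct from the key (assumed step)."""
    return hashlib.pbkdf2_hmac("sha256", master_key,
                               master_password.encode("utf-8"), 1, dklen=32)


def server_store(login_hash: bytes) -> tuple[bytes, bytes]:
    """Server: salt again with a CSPRNG value, hash again, keep (salt, hash)."""
    salt = os.urandom(16)
    stored = hashlib.pbkdf2_hmac("sha256", login_hash, salt,
                                 SERVER_ITERATIONS, dklen=32)
    return salt, stored


def server_verify(login_hash: bytes, salt: bytes, stored: bytes) -> bool:
    """Server: recompute with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", login_hash, salt,
                                    SERVER_ITERATIONS, dklen=32)
    return hmac.compare_digest(candidate, stored)


if __name__ == "__main__":
    # Constructed sample credentials, for illustration only.
    email, password = "user@example.com", "correct horse battery staple"
    key = derive_master_key(password, email)       # never leaves the client
    login = derive_login_hash(key, password)       # what the server receives
    salt, stored = server_store(login)             # what the database holds
    print("correct password accepted:", server_verify(login, salt, stored))
    wrong_key = derive_master_key("wrong password", email)
    wrong = derive_login_hash(wrong_key, "wrong password")
    print("wrong password accepted:", server_verify(wrong, salt, stored))
```

The database row holds only the random salt and the re-hashed value, so a reader of that row has neither the master password nor the key that decrypts the Vault.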

Invoked Crypto Libraries

Bitwarden does not write any cryptographic code. Bitwarden only invokes crypto from popular and reputable crypto libraries that are written and maintained by cryptography experts. The following crypto libraries are used:

  • JavaScript (Web Vault, Browser Extension, Desktop, and CLI)
  • C# (Mobile)
    • CommonCrypto (iOS, Apple)
    • Javax.Crypto (Android, Oracle)
    • BouncyCastle (Android)