lmrdaddy
-
Posts
3 -
Joined
-
Last visited
Reputation Activity
-
lmrdaddy got a reaction from paulw in Bitwarden CLI - Get passwords, username, TOTP and more from Bitwarden
It is (in my opinion) still way better than not using a password management at all.
I am not really in a position to judge that. The github issue is more than 4 years old, so I hope they learned something since then. Personally, I am using the Firefox extension without having investigated any closer, I'm trusting (perhaps wrongly so) that a security company does at least a few things right.
-
lmrdaddy got a reaction from deanishe in Bitwarden CLI - Get passwords, username, TOTP and more from Bitwarden
I guess they were referrring to
So storing both the encrypted data and the en-/decryption key in the same unprotected storage ("plainly on disk") is indeed a horrible idea. Storing it in a place that is potentially vulnerable to direct access via malicious websites in case the browser itself is attackable via a browser vulnerability is another issue. The latter is the reason why it is generally not the best idea to use a browser's own password management feature.
-
lmrdaddy got a reaction from paulw in Bitwarden CLI - Get passwords, username, TOTP and more from Bitwarden
I guess they were referrring to
So storing both the encrypted data and the en-/decryption key in the same unprotected storage ("plainly on disk") is indeed a horrible idea. Storing it in a place that is potentially vulnerable to direct access via malicious websites in case the browser itself is attackable via a browser vulnerability is another issue. The latter is the reason why it is generally not the best idea to use a browser's own password management feature.
-
lmrdaddy got a reaction from blacs30 in Bitwarden CLI - Get passwords, username, TOTP and more from Bitwarden
I guess they were referrring to
So storing both the encrypted data and the en-/decryption key in the same unprotected storage ("plainly on disk") is indeed a horrible idea. Storing it in a place that is potentially vulnerable to direct access via malicious websites in case the browser itself is attackable via a browser vulnerability is another issue. The latter is the reason why it is generally not the best idea to use a browser's own password management feature.