So, if you didn't switch from LastPass to Bitwarden yet, now is the time.

Changes to LastPass Free - The LastPass Blog blog.lastpass.com/2021/02/chan

@fuxoft I got a 1 year license for a password management application, but never used it. What is the use of this software, in general?

What I mean is, why not leave password storage to an unencrypted .txt file sitting on your desktop with no backup?

@rasterman OK, I could answer that if you confirm your question is not a joke!

@fuxoft It is almost unironic.

Why rely on third parties that use cloud services instead of take care of it yourself?

That would be the more serious question.

@rasterman OK. With Bitwarden, I have the opportunity to access and manage my passwords and other sensitive info from all my devices anywhere and have them backed up in the case my personal backup has problems. Everything is encoded on my devices so the sensitive information is never on BW's servers. If I don't want to be dependent on Bitwarden's servers, I can host the whole thing myself, on my own server. But that's not necessary because even if BW goes offline, I don't lose my passwords.

@fuxoft I think I understand. So, that means that the data is always local and only uses the cloud service to synchronise among all the devices?

@rasterman The data is encrypted using your master password. It's decrypted only when you access it on your device. In this way it can be synchronized across the devices (through the bitwarden server) without being readable by anyone who doesn't have the master password. If you are offline, you can still access your passwords because they are already synchronized to all your devices since last change was made.

@fuxoft So there is no moment where a superhacker can intercept you communication to steal your master password?
Follow

@rasterman @fuxoft
Kinda... (obviously depends just how super is your suprehacker) :pepeHacker:

@rasterman @fuxoft
there is no known way of breaking asymmetric RSA cyphre (the basis of modern cryptography), so the data being sent should be impossible to break into, not to mention that the computational complexity is at a point, when no server could do in until the heat-death...

That being said..... once the hacker is on your PC, it is a different story. :ablobdevil:

...And there is a theoretical algorythm that should be able to break the RSA on a quantim combuter instantly... :ablobcatsweatsip:

@rasterman @fuxoft
And I am not a security IT mage, so take everything I say with a serious dose of tripple checking...

@LukeAlmighty @fuxoft A certain company claimed to have the first quantum computer, but I think they were bullshittin' 'cause I never saw anything more about it and it seemed they didn't want others inspecting it to confirm. :blobthonkang:

OK, that confirms it. I'll keep that software in mind if I ever feel my unencrypted .txt file sitting on my desktop with no backup is no longer cutting it.
Sign in to participate in the conversation
Game Liberty Mastodon

Mainly gaming/nerd instance for people who value free speech. Everyone is welcome.