Man_in_the_uk t1_j5vq6zc wrote on January 25, 2023 at 10:05 PM

Reply to comment by OSUBucky in Everyone Wants Your Email Address. Think Twice Before Sharing It. by 08830

Screw that, look at what happened with this..

https://thecrow.uk/lastpass-data-breach-is-starting-to-look-truly-horrendous/

FnTom t1_j5vtxro wrote on January 25, 2023 at 10:29 PM

You can self-host Bitwarden and limit it to a local environment. That way, security breaches on their server would mean absolutely nothing to you.

misconfigbackspace t1_j5w4d4w wrote on January 25, 2023 at 11:43 PM

Specifically this: https://palant.info/2023/01/23/bitwarden-design-flaw-server-side-iterations/

rhinosyphilis t1_j5wfy9b wrote on January 26, 2023 at 1:06 AM

The edits on that article say that they upped iterations to 350k. I heard on my fav security podcast that it was 600k (show notes aren’t posted yet, when they are I’ll update this with their reference). If you’re self hosting though your vault is on your own servers.

misconfigbackspace t1_j5y8guk wrote on January 26, 2023 at 11:47 AM

I have no beef with any particular online password provider. Because I use Keepass with the password file shared on a google drive folder on very limited desktop / laptop computers. I don't use a smartphone.