Everything but a few proprietary, business-focused modules in the backend (like managing multiple organisations) is AGPL licensed. Unless you’re a business, you can probably make do with just the open source code. They’ve even included a compile flag to disable all proprietary code. The clients are all GPL-licensed as far as I can tell.
You can also run Vaultwarden as the backend, which is a third-party server that takes a lot less RAM but isn’t suitable for hosting thousands of active users at once. I also don’t think it has been audited, unlike the Bitwarden code. Great option if you trust them as much as you trust the Bitwarden company to maintain security.
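As an added illustration of the self-hosted Vaultwarden backend mentioned above (this is example configuration written for this page, not the commenter's setup or the Vaultwarden project's own documentation), here is a minimal Docker Compose file with the settings a security-minded self-hoster would want from day one. The hostname `vault.example.com`, the volume path `./vw-data`, and the reverse proxy in front of it are assumptions; the environment variable names (`DOMAIN`, `SIGNUPS_ALLOWED`, `ADMIN_TOKEN`) are the ones Vaultwarden reads.

```yaml
# Example docker-compose.yml for a single-user Vaultwarden instance.
# Assumes a TLS-terminating reverse proxy (nginx, Caddy, Traefik) in front
# of the container; Vaultwarden clients refuse to talk to a plain-HTTP origin.
services:
  vaultwarden:
    image: vaultwarden/server:latest
    container_name: vaultwarden
    restart: unless-stopped
    environment:
      # Public URL the clients will use; must match what the proxy serves.
      DOMAIN: "https://vault.example.com"   # assumed hostname
      # Lock down registration once your own account exists, otherwise
      # anyone who can reach the host can create a vault on your server.
      SIGNUPS_ALLOWED: "false"
      # Protects the /admin panel. Generate a long random secret, e.g.
      # `openssl rand -base64 48`; newer releases also accept an Argon2 PHC
      # hash here so the plaintext token is not stored in this file.
      ADMIN_TOKEN: "replace-with-a-long-random-secret"   # placeholder
    volumes:
      # SQLite database, attachments and RSA keys live here: back it up,
      # and keep it on a filesystem only the container user can read.
      - ./vw-data:/data   # assumed path
    ports:
      # Bind to loopback only; the reverse proxy is the sole public entry point.
      - "127.0.0.1:8080:80"
```

The two settings that matter most for security are `SIGNUPS_ALLOWED=false` (closed registration) and the loopback-only port binding, so the only way in is through the TLS proxy. Everything in `/data` is the server-side vault material; it is encrypted with keys derived client-side from the master password, but the directory still deserves restrictive permissions and offline backups.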
To me storing passwords anywhere except for a machine I own is stupid in terms of security. But gtk it’s open-source. I didn’t know that.
How do you feel about encryption?
It depends on what kind of encryption it is but still giving someone your passwords isn’t a good idea. They can always decrypt everything. Forward secrecy is almost never guaranteed.
What is your threat model?
Nice try FBI