So uh… I have been switching password managers a lot. I first used Keeper Security, then LogMeOnce, and then I started using the Bitwarden Extension with the Garuda Linux Vaultwarden instance.
And so I have a few questions about the security of Vaultwarden:
- Does it have client-side encryption? Like, I would like to know, even if the server is compromised, even if there is an attacker intercepting connections, as long as the client is secure will the passwords be secure? Because, as I can imagine, if all information is encrypted and decrypted client side, and everything sent between the client and the server and everything on the server is encrypted, it should be secure.
- Will I be secure even if someone modifies the Vaultwarden code on the server?
- Imagine that I hosted a Vaultwarden instance on a server where the server owner can access and modify all files and logs, and the website is HTTP only. Will it still be secure? If everything is encrypted and decrypted client side, it should be, right?
- In the Garuda Linux Vaultwarden at least, I can view my passwords on the website. Does that mean that the website is decrypting and encrypting stuff locally or remotely on the server?