The first is its Breachwatch feature which – Keeper claims – “constantly scans vaults for passwords that have been exposed on the dark web”. Two features of the Keeper password manager suggest it is not a zero knowledge solution. Because the hash functions are one-way hashes, they cannot be reverse engineered by a hacker or malicious insider, so no-one will ever be able to crack your master password and access the content of your vault. Once Bitwarden´s servers receive the hashed password, it is salted again with a cryptographically secure random value, hashed again, and stored.
Following the key-creation process (known as PBKDF2), Bitwarden salts and hashes the master password with the email address before transmission to its servers. With regards to Bitwarden´s zero knowledge model, every bit of data is encrypted at device level when it is entered using an encryption key derived from the user´s email address and master password. Consequently, bugs are identified and fixed quickly whenever an update is released or a new threat emerges. In addition, Bitwarden runs a bug bounty program that rewards members of the open source community if they find a vulnerability in the code. The Bitwarden password manager is built on open-source software which means its code is publicly available for anybody to review. This lack of transparency should be a concern to security-conscious individuals and businesses trusting Keeper with sensitive data. However, Keeper has never adequately explained how its Breachwatch feature is capable of proactively checking for compromised passwords nor how the password manager supports master password and account recovery under a zero knowledge model. Genuine zero knowledge is an important factor when evaluating vault-based password managers because, if the provider´s servers are hacked or the provider has a malicious insider in its workforce, the data stored on the provider´s servers cannot be deciphered. However, these comparisons fail to mention that Keeper offers an extremely limited free service nor that many of its add-on premium services are provided as standard in Bitwarden´s premium and business plans.įurthermore, questions exist about the authenticity of Keeper´s claim it is a zero-knowledge solution. Some comparisons of Bitwarden versus Keeper arrive at the conclusion that Bitwarden is the best free password manager, while Keeper offers a better premium service.
0 kommentar(er)
