Bitwarden encrypts all of the information in your Vault, including the websites you visit, even the names of your individual items and folders. We use the term zero knowledge encryption because only you retain the keys to your Vault, and the entirety of your vault is encrypted. Bitwarden cannot see your passwords, your websites, or anything else that you put in your Vault. Bitwarden also does not know your Master Password. So take good care of it, because if it gets lost, the Bitwarden team cannot recover it for you.
Bitwarden does seem more local than I initially assumed. I modeled it as trusting another entity with one's master key. Ideally, all reliance on external services shouldn't require you to trust them; it should be mathematically impossible for them to betray you by design. A purely mechanical lock, for instance, cannot be hacked remotely. Self-hosting is superior to trusting other services, and the open source nature reduces the chance that it's backdoored by quite a lot.
Mathematically, if I have one unique password that nobody else knows or can know (because it's never used on any websites), and I use that to generate other passwords in an irreversible manner, then I can get away with remembering just one password, while still using hundreds of unique passwords on different websites. This might be what Bitwarden does, in which case the only causes of concern left are hardware backdoors and quantum computers. Doesn't get much better than that.
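The scheme this comment describes, one master secret that yields a distinct per-site password through a one-way function, written out as an added example (it is not Bitwarden's code and makes no claim about how Bitwarden works; the quoted Bitwarden text on this page describes an encrypted vault rather than derived passwords). The alphabet, the PBKDF2 iteration count and the per-site `counter` are assumptions of the example.

```python
import hashlib
import hmac
import string

# Password alphabet and output length are assumptions of this example.
ALPHABET = string.ascii_letters + string.digits + "!#$%&*+-=?@^_"
KDF_ITERATIONS = 100_000  # illustrative; choose by measuring on real hardware


def derive_site_password(master_secret: str, site: str, counter: int = 0, length: int = 20) -> str:
    """One master secret -> one per-site password, deterministically and one-way.

    The site name and a rotation counter form the PBKDF2 salt, so every site
    gets an unrelated key, and recovering the master secret from any leaked
    site password means brute-forcing it through the full iteration count.
    """
    salt = f"{site}|{counter}".encode()
    key = hashlib.pbkdf2_hmac("sha256", master_secret.encode(), salt, KDF_ITERATIONS, dklen=32)
    # Expand the 32-byte key into password characters with HMAC-SHA256 as a PRF.
    # Rejection sampling (drop bytes >= limit) avoids modulo bias over the alphabet.
    limit = 256 - (256 % len(ALPHABET))
    chars = []
    block = 0
    while len(chars) < length:
        stream = hmac.new(key, block.to_bytes(4, "big"), "sha256").digest()
        for b in stream:
            if b < limit:
                chars.append(ALPHABET[b % len(ALPHABET)])
                if len(chars) == length:
                    break
        block += 1
    return "".join(chars)


def rotate_site_password(master_secret: str, site: str, counters: dict) -> str:
    """Change one site's password without changing the master secret.

    The only knob is the per-site counter, which means the scheme is not
    fully stateless: the user has to remember (or store) which counter each
    site is on, and a compromised master secret still exposes every counter's output.
    """
    counters[site] = counters.get(site, 0) + 1
    return derive_site_password(master_secret, site, counters[site])
```

The derivation itself needs no storage, but `rotate_site_password` shows the state that creeps back in: to replace one leaked site password you must track a counter for that site, and nothing short of changing the master secret (and therefore every site password) helps if the master secret itself leaks.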
You fundamentally misunderstand the nature of Bitwarden password management. Bitwarden is zero-knowledge end-to-end encrypted:
They are also open source and regularly audited. You can also self-host.
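A runnable model of the client-side design the quoted Bitwarden text describes, added here as an example and not Bitwarden's own code (its real KDF parameters, key schedule and cipher differ): the master password never leaves the client, and the server receives only a separately derived login hash plus ciphertext it cannot decrypt. The HMAC-based stream cipher and MAC stand in for a real authenticated cipher so the block runs on the standard library alone; the iteration count and key labels are assumptions of the example.

```python
import hashlib
import hmac
import json
import os

KDF_ITERATIONS = 100_000  # illustrative assumption, not Bitwarden's setting


def derive_master_key(master_password: str, email: str) -> bytes:
    """Client only: stretch the master password into a 32-byte master key.
    The lower-cased email is the salt, so equal passwords yield different keys."""
    return hashlib.pbkdf2_hmac("sha256", master_password.encode(),
                               email.lower().encode(), KDF_ITERATIONS, dklen=32)


def derive_auth_hash(master_key: bytes, master_password: str) -> bytes:
    """The login credential. It is a one-way function of the master key, so the
    server can check it (after hashing it again) but cannot recover the key."""
    return hashlib.pbkdf2_hmac("sha256", master_key, master_password.encode(), 1, dklen=32)


def split_keys(master_key: bytes) -> tuple:
    """Separate encryption and MAC keys from the master key (HMAC used as a KDF;
    the labels are assumptions of this example)."""
    return (hmac.new(master_key, b"enc", "sha256").digest(),
            hmac.new(master_key, b"mac", "sha256").digest())


def _keystream(enc_key: bytes, nonce: bytes, n: int) -> bytes:
    """HMAC-SHA256 in counter mode. A stand-in for a real cipher so the block
    runs on the standard library; do not use this in place of AES-GCM."""
    out, counter = b"", 0
    while len(out) < n:
        out += hmac.new(enc_key, nonce + counter.to_bytes(8, "big"), "sha256").digest()
        counter += 1
    return out[:n]


def encrypt_vault(master_key: bytes, vault: dict) -> dict:
    """Encrypt-then-MAC the whole vault (item names, URLs and passwords alike)."""
    enc_key, mac_key = split_keys(master_key)
    nonce = os.urandom(16)
    plaintext = json.dumps(vault, sort_keys=True).encode()
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ciphertext, "sha256").digest()
    return {"nonce": nonce.hex(), "ct": ciphertext.hex(), "tag": tag.hex()}


def decrypt_vault(master_key: bytes, blob: dict) -> dict:
    """Verify the tag first (constant-time), then decrypt. A wrong key or any
    modification of the stored blob fails here instead of yielding garbage."""
    enc_key, mac_key = split_keys(master_key)
    nonce, ciphertext = bytes.fromhex(blob["nonce"]), bytes.fromhex(blob["ct"])
    expected = hmac.new(mac_key, nonce + ciphertext, "sha256").digest()
    if not hmac.compare_digest(expected, bytes.fromhex(blob["tag"])):
        raise ValueError("vault authentication failed: wrong key or tampered data")
    plaintext = bytes(c ^ k for c, k in zip(ciphertext, _keystream(enc_key, nonce, len(ciphertext))))
    return json.loads(plaintext)


def decrypt_fails(master_key: bytes, blob: dict) -> bool:
    """True if decryption is rejected (used for the wrong-key and tamper cases)."""
    try:
        decrypt_vault(master_key, blob)
    except ValueError:
        return True
    return False


def tamper(blob: dict) -> dict:
    """Flip one bit of the ciphertext, as a malicious or buggy server might."""
    ct = bytearray(bytes.fromhex(blob["ct"]))
    ct[0] ^= 0x01
    return {**blob, "ct": ct.hex()}


def server_record(email: str, auth_hash: bytes, blob: dict) -> dict:
    """Everything the server ever stores: a re-hashed login credential and
    ciphertext. No master password, no master key, no plaintext."""
    return {"email": email, "auth_hash": hashlib.sha256(auth_hash).hexdigest(), "vault": blob}
```

`server_record` is the point of the model: the only material that crosses the network is the output of two one-way functions (the login hash and the ciphertext), which is also why the quoted text can say a lost master password is unrecoverable; nothing the server holds can be turned back into it.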