Decryption always happens only on the client: this is called a "zero-knowledge" model. Otherwise, the server only stores ciphertext and never sees the crypto keys used by the clients to encrypt credentials. The server is implemented in Rust using RocketRS, a web library with a heavy focus on security. The only sort of potential vulnerability that might compromise security is one that lets an attacker manipulate the static pages served by the webserver, thus inserting code that intercepts the key and sends it to some sort of CnC server. I doubt the developer has screwed up so badly that static web content can be modified. Is it dumb to store banking creds in this manner?

You need to assess attack vectors and risk scenarios. How likely is it that one is going to target your server with an attack that works specifically against a Bitwarden_RS instance, compared to the risk of one of your personal computers getting compromised by malware? If I were a major corporation with data worth millions or billions then I'd worry, but if you're just an individual and the system is well-secured, it would make no sense to even attempt attacking your password management server. Even then, Bitwarden (the official server with paid Enterprise support) would be a great choice.

If the government is after you, then perhaps you might be vulnerable, but then you'd have more than a password manager to worry about. I trust that Dani Garcia has done a good enough job securing the setup and few would care enough to try and hack my instance in particular. Bank accounts aren't on there anyway, so there is much more money to be made elsewhere.

I use KeePass and I sync it using a git repository: I git clone it to all my laptops, phones and anything else I need. Some data I just don't like stored on a PC anywhere at all. This includes master keys for password managers, banking account logins and Bitcoin wallet seeds.
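The zero-knowledge split described above, as an added example that is not code from the thread or from Bitwarden_RS: the client derives the master key and encrypts locally, the server holds only a login hash and ciphertext, and a blob altered on the server fails authentication. The HMAC-based stream cipher is a stand-in for AES-GCM so the example runs on Python's standard library; the iteration count and the "enc"/"mac" labels are assumptions made for illustration, not Bitwarden's parameters.

```python
import hashlib
import hmac
import os

# Constructed model of the zero-knowledge split: the client derives every key
# from the master password and encrypts locally; the server receives only a
# login hash and opaque ciphertext. HMAC-SHA256 in counter mode plus an
# encrypt-then-MAC tag stands in for AES-GCM; ITERATIONS and labels are assumed.
ITERATIONS = 100_000

def derive_master_key(password: str, email: str) -> bytes:
    """Slow client-side KDF; the account e-mail serves as the salt."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), email.lower().encode(), ITERATIONS)

def login_hash(master_key: bytes, password: str) -> bytes:
    """One extra PBKDF2 round gives a login token the server may store; it cannot be inverted to master_key."""
    return hashlib.pbkdf2_hmac("sha256", master_key, password.encode(), 1)

def _subkeys(master_key: bytes):
    # Independent encryption and MAC keys derived from the master key.
    enc = hmac.new(master_key, b"enc", hashlib.sha256).digest()
    mac = hmac.new(master_key, b"mac", hashlib.sha256).digest()
    return enc, mac

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(length // 32 + 1))
    return b"".join(blocks)[:length]

def encrypt(master_key: bytes, plaintext: bytes) -> bytes:
    enc, mac = _subkeys(master_key)
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(enc, nonce, len(plaintext))))
    tag = hmac.new(mac, nonce + ct, hashlib.sha256).digest()  # encrypt-then-MAC
    return nonce + ct + tag

def decrypt(master_key: bytes, blob: bytes) -> bytes:
    enc, mac = _subkeys(master_key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    # Verify the tag first: a blob altered on the server or in transit is rejected.
    if not hmac.compare_digest(tag, hmac.new(mac, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("vault item failed authentication")
    return bytes(a ^ b for a, b in zip(ct, _keystream(enc, nonce, len(ct))))

def server_view(password: str, email: str, secret: bytes) -> dict:
    """Everything that leaves the client for one vault item: no key, no plaintext."""
    mk = derive_master_key(password, email)
    return {"email": email, "login_hash": login_hash(mk, password), "blob": encrypt(mk, secret)}
```

The attack the post names (a tampered static page exfiltrating the key) sits entirely on the client side of this boundary, which is why the server's view never contains anything the vault could be opened with.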
Skipping HTTPS and only using a VPN for encryption is not only malpractice, but it's often impractical, since many modern web browsers disable JS cryptographic functions on pages loaded over insecure protocols, preventing Bitwarden from working. Doing this with a VPN and self-signed certificates would be way too much of a hassle, and the inconvenience of having to alter the trust root on every device and browser, plus having to connect to a VPN each time, would really outweigh any potential security benefits.