Hoe End-to-End Encryptie de weg vrijmaakt voor Zero Knowledge - White Paper

De basis van een veilige architectuur begint met encryptie, met name end-to-end encryptie. Bij Bitwarden versleutelen we uw gevoelige gegevens onmiddellijk zodra u ze invoert in een Bitwarden-client. Voordat de gegevens op je apparaat worden opgeslagen, worden ze gecodeerd. Er bestaat niet zoiets als onversleutelde Vault-gegevens, behalve wanneer u de controle hebt en de informatie bekijkt in een Bitwarden-client waar u uw e-mailadres en hoofdwachtwoord hebt ingevoerd.

Vanaf daar blijven alle Vault-gegevens versleuteld wanneer ze naar de Bitwarden Cloud of een zelf gehoste Bitwarden-server worden verzonden. Wanneer de gegevens naar andere clients worden gesynchroniseerd, blijven ze versleuteld totdat het unieke e-mailadres en hoofdwachtwoord opnieuw worden ingevoerd.

Dit betekent dat Bitwarden als bedrijf uw wachtwoorden niet kan zien, ze blijven end-to-end versleuteld met uw individuele e-mail en hoofdwachtwoord. We slaan uw hoofdwachtwoord nooit op en hebben geen toegang tot uw wachtwoord.

Voor kluisgegevens gebruikt Bitwarden AES 256-bits versleuteling, een industriestandaard die als onbreekbaar wordt beschouwd. Voor uw hoofdwachtwoord wordt PBKDF2 SHA-256 gebruikt om de sleutel af te leiden die uw kluisgegevens codeert. Ga voor meer informatie over de beveiliging van Bitwarden naar onze FAQ over beveiliging.

Het belangrijkste detail van end-to-end versleuteling is natuurlijk de sleutel om te ontsleutelen. Zolang dit alleen bij de eindgebruiker blijft, kan een oplossing evolueren naar een zero knowledge architectuur.

Er zijn gevallen waarin software- en serviceproviders versleuteling promoten, maar de sleutel behouden. Deze gevallen kwalificeren vanuit ons perspectief niet als nulkennis, omdat de software- en serviceproviders technisch gezien de mogelijkheid hebben om de gegevens te ontsleutelen.

When users have control of the encryption key, they control access to the data, and can provide encrypted data to a password manager without the password management company having access to, or knowledge of, that data.

This is the fundamental premise on which well-designed password managers work. They facilitate strong and unique passwords that only you can access. Doing so requires zero knowledge of the secret data, and therefore users must control the encryption key. We refer to this as zero knowledge encryption.

But there is information beyond the secret Vault data that might be shared with a software or service provider. For example, an email address might serve as a unique customer identifier. One could claim that this isn’t zero knowledge, and that would be correct.

At a minimum, zero knowledge must pertain to secret data. In the case of a password manager, that means all information within the password Vault. At the same time, it is important to recognize the realities of software, services, and users, and that in order for a commercial relationship to exist, their likely needs to be some knowledge exchanged between parties.

In the world of password managers, that line can get blurry. For example there are some password managers (not Bitwarden) that retain unencrypted URLs and websites for which you store passwords. While they claim that this benefits users, ultimately it provides these companies with detailed information on which websites users visit, when they do so, and every log in.

Bitwarden takes a more conservative view of what constitutes sensitive data, and therefore encrypts all of the information in your Vault, including the websites you visit, even the names of your individual items and folders. We use the term zero knowledge encryption because only you retain the keys to your Vault, and the entirety of your vault is encrypted. Bitwarden cannot see your passwords, your websites, or anything else that you put in your Vault. Bitwarden also does not know your Master Password. So take good care of it, because if it gets lost, the Bitwarden team cannot recover it for you.

The zero trust model initially emerged as a way for organizations to get beyond the traditional thinking of internal and external threats to their IT operations. Today, companies need to protect from threats coming from both inside and outside. Zero Trust models often use technologies like identity and access management, encryption, multi-factor authentication, and permissions to operate.

Of course, between password managers and users adopting software or services, there is likely going to be at least some element of trust between the two parties. The password management provider trusts that the user will not violate the terms of service, and the user trusts that the password management provider will live up to their stated offering. However, everyone is better off if the boundaries of required trust are limited, so that even the possibility of sensitive data being compromised is eliminated altogether, hence the zero trust model.

While we stand by to support our customers with a trusted relationship, we can reduce the reliance on implied trust through the Bitwarden self-hosted offering. This deployment enables businesses with greater flexibility and control over their infrastructure. Running your own Bitwarden instance could be on an airgap network, further reducing risks by being disconnected from the internet.

At Bitwarden we take this trusted relationship with our users seriously. We also built our solution to be safe and secure with end-to-end encryption for all Vault data, including website URLs, so that your sensitive data is “zero trust” secure.