Bitwarden_rs

It's an unofficial Bitwarden-compatible (self-hosted) server written in Rust. Because it's unofficial, what do you think, is it secure? Or at least as secure as the official Bitwarden?

The official Bitwarden needs a lot of RAM compared to Bitwarden_rs. That's why it's a very interesting project to me.

If you're using it, please tell us what kind of setup you have. Only localhost, vps, etc.

Thanks :)

Comments

  • CONTAINER ID        NAME                CPU %               MEM USAGE / LIMIT     MEM %               NET I/O             BLOCK I/O           PIDS
    da8ca88cacc9        bitwarden           0.00%               23.72MiB / 7.466GiB   0.31%               22MB / 33.9MB       138MB / 23.8MB      16
    

    Works great.

    Thanked by 1MGarbis
  • What do you think, is it secure?

    Without a qualified, independent audit by a trusted 3rd party, the best you can do is guess.

    What's your threat model? What would you be storing on it and how badly would it affect you if it got compromised? If you want to use it for your coffee shop loyalty cards, then it's probably fine. If you want to put your bank details and card numbers on it, then perhaps the most lightweight solution isn't necessarily the best one.

    Thanked by 2MGarbis Daniel15
  • @andreipoe said:

    What do you think, is it secure?

    Without a qualified, independent audit by a trusted 3rd party, the best you can do is guess.

    What's your threat model? What would you be storing on it and how badly would it affect you if it got compromised? If you want to use it for your coffee shop loyalty cards, then it's probably fine. If you want to put your bank details and card numbers on it, then perhaps the most lightweight solution isn't necessarily the best one.

    Good thinking. To me it would be 'a safe place' for username /password combinations to different forums and services. No bank or similar.
    So it's like 'easy to remember passwords' vs 'harder passwords stored in the Bitwarden'. Which is better? That's hard to say.

  • To be honest, I've switched very recently (like this week) from Passman (Nextcloud plugin) to Bitwarden_rs. Mainly because of the better support for Android, and also because the Passman plugin is maintained by a prick who doesn't have the time to maintain it, but also doesn't want to give it away to someone else, rendering the plugin useless with every Nextcloud update.

    I'm running it as a Docker image (as you likely got from my previous post), and it's running very smooth. It runs on my homeserver but I definitely wouldn't mind putting it on a VPS.

    In all honesty, if you set up your own, private, Bitwarden and take appropriate measures (i.e. 2 factor auth) I don't see why this wouldn't be safe. The hugest risk factor of a password manager (or cloud storage for that matter) is always that it's a public facing application and therefore has a shitload of bots, script kiddies and actual hackers trying to find flaws and breaches. If you run your own instance, and it's well protected by firewalls and the like, you're pretty safe.

    Thanked by 1MGarbis
  • In my opinion it is better to use the official client; personally I use Bitwarden self-hosted at Hetzner Cloud with 2 GB of RAM for 3.06 EUR/mo.

    Thanked by 1MGarbis
  • @solaire said:
    To be honest, I've switched very recently (like this week) from Passman (Nextcloud plugin) to Bitwarden_rs. Mainly because of the better support for Android, and also because the Passman plugin is maintained by a prick who doesn't have the time to maintain it, but also doesn't want to give it away to someone else, rendering the plugin useless with every Nextcloud update.

    I agree with you, I also found Bitwarden as a Passman replacement for the same reasons as you. After the last upgrade to Nextcloud 14 it stopped working, so I edited some file to force Passman to work, and even then it didn't work as expected; there were some glitches here and there, so I decided to find a better alternative. I wasn't even able to export my passwords to CSV, so I had to copy/paste them one by one to Bitwarden.

    Thanked by 1MGarbis
  • marson said: I wasn't even able to export my passwords to CSV, so I had to copy/paste them one by one to Bitwarden.

    Yeah I ran into the very same issue. In case someone else is having this issue: add any file as an attachment to any of your password entries. Then the export magically starts working.

    Thanked by 1MGarbis
  • @marson said:
    In my opinion it is better to use the official client; personally I use Bitwarden self-hosted at Hetzner Cloud with 2 GB of RAM for 3.06 EUR/mo.

    That's a good price. It probably will not get much cheaper if I get a VPS (KVM) with 512M RAM for Bitwarden_rs. The price is, of course, one thing that matters.

  • @solaire said:

    marson said: I wasn't even able to export my passwords to CSV, so I had to copy/paste them one by one to Bitwarden.

    Yeah I ran into the very same issue. In case someone else is having this issue: add any file as an attachment to any of your password entries. Then the export magically starts working.

    I tried that before but that didn't work for me.

    P.S. Unfortunately I have a problem with Bitwarden on Android: it doesn't autofill the login forms in Chrome or Firefox, even though I checked the autofill service in the tools menu of the Android app. I also tried to use the accessibility settings, but that didn't work either.

    Thanked by 1MGarbis
  • @marson said:

    P.S. Unfortunately I have a problem with Bitwarden on Android: it doesn't autofill the login forms in Chrome or Firefox, even though I checked the autofill service in the tools menu of the Android app. I also tried to use the accessibility settings, but that didn't work either.

    That's good to know. I'm not that far with my tests yet, so I don't know if it works for me. I had the official one and now I'm running Bitwarden_rs. It's the Docker image mprasil/bitwarden, a Let's Encrypt certificate, port 443 open for Bitwarden_rs and port 80 for Certbot automated standalone renewal. So it's quite fast to set up. Still studying and testing how to make it more secure. Of course many things are the same as with the official version, so I can use the test results with it too, if I decide to go with it.

  • marson said: P.S. Unfortunately I have a problem with Bitwarden on Android: it doesn't autofill the login forms in Chrome or Firefox, even though I checked the autofill service in the tools menu of the Android app. I also tried to use the accessibility settings, but that didn't work either.

    Same issue here. Doesn't bother me too much as I can easily copy/paste the password from the app. I'm kinda used to that anyway.

    Thanked by 1MGarbis
  • Pandy (Member)
    edited December 2018

    @marson said:
    P.S. Unfortunately I have a problem with Bitwarden on Android: it doesn't autofill the login forms in Chrome or Firefox, even though I checked the autofill service in the tools menu of the Android app. I also tried to use the accessibility settings, but that didn't work either.

    Just tried, seems so, weird.

    Have you tried the Firefox addon for Bitwarden? It could also work on mobile, but I didn't have time to test that yet.

    // https://help.bitwarden.com/article/auto-fill-android/#troubleshooting-the-auto-fill-accessibility-service

    Yeah, that says Firefox mobile won't work, but the addon route is a workaround.

    Thanked by 1MGarbis
  • solaire (Member)
    edited January 2019

    @marson @MGarbis @Pandy

    It started to bother me today, so I went around to find the solution. Basically, what you have to do in Chrome (for Android) is to navigate to the following URL:

    chrome://flags/#enable-android-autofill-accessibility
    

    Make sure that flag is set to enabled, then restart Chrome in order for the change to take effect.

    Furthermore, in order for it to work, you need to make sure the "Auto-fill Accessibility Service" is enabled in the Bitwarden Android app. The regular "Auto-fill Service" does not work for webpages.

    Thanked by 2t0m MGarbis
  • Bitwarden? Rust? What are you kids talking about? I start to not get the lingo these days...

    https://www.reddit.com/r/TheSimpsons/comments/7ebv9m/i_used_to_be_with_it_but_then_they_changed_what/

    Thanked by 2Daniel15 eol
  • Since this unofficial server hasn't gone through a security audit, I'm not sure if I'd trust it as much as the official server. On the other hand, the official server is designed to host a LOT of users, so it might be overkill for a single user.

    Janevski said: Bitwarden? Rust? What are you kids talking about?

    Make sure you deploy it using Kubernetes on an IoT device. :tongue:

    Thanked by 1Janevski
  • Maybe I'll host it locally first. If it's enough, then there's no need to even think about vps for it.

    Thanked by 1eol
  • Daniel15 said: Make sure you deploy it using Kubernetes on an IoT device.

    Will it at least run on TempleOS?
