Replies: 2 comments
-
If you are only checking the server code you are missing much of the larger picture (i.e. what's happening client-side before the server gets anything). If you compare with the Bitwarden Security Whitepaper you can see that it's a bit more complicated than that.
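The layering the reply above points to, as an added example that is not part of the original thread and is not Vaultwarden's or Bitwarden's own code. It assumes the PBKDF2-SHA256 client KDF with the lowercased email as salt described in the Bitwarden Security Whitepaper, and assumes the server applies PBKDF2-HMAC-SHA256 with the stored salt to the hash string it receives; the account values and iteration counts are constructed, and accounts using Argon2id are not covered.

```python
import base64
import hashlib
import hmac


def master_password_hash(password: str, email: str, kdf_iterations: int) -> str:
    """Client side: the value the app sends to the server instead of the password."""
    pw = password.encode("utf-8")
    salt = email.strip().lower().encode("utf-8")
    # Step 1: master key = PBKDF2-SHA256(password, salt=email)
    master_key = hashlib.pbkdf2_hmac("sha256", pw, salt, kdf_iterations, 32)
    # Step 2: one further round, keyed by the master key and salted with the password
    digest = hashlib.pbkdf2_hmac("sha256", master_key, pw, 1, 32)
    return base64.b64encode(digest).decode("ascii")


def server_hash(received: str, password_salt: bytes, server_iterations: int) -> bytes:
    """Server side (assumed): PBKDF2 over the base64 string it received."""
    return hashlib.pbkdf2_hmac(
        "sha256", received.encode("ascii"), password_salt, server_iterations, 32
    )


def verify(password, email, kdf_iterations, password_salt, server_iterations, password_hash):
    """True if the password reproduces the stored password_hash through both layers."""
    received = master_password_hash(password, email, kdf_iterations)
    candidate = server_hash(received, password_salt, server_iterations)
    return hmac.compare_digest(candidate, password_hash)


# Constructed sample account; real values come from the user's own database row.
EMAIL = "Alice@Example.test"
PASSWORD = "constructed-sample-passphrase"
KDF_ITERATIONS = 10_000      # constructed, kept low so the example runs quickly
SERVER_ITERATIONS = 10_000   # constructed
PASSWORD_SALT = bytes(range(64))
PASSWORD_HASH = server_hash(
    master_password_hash(PASSWORD, EMAIL, KDF_ITERATIONS), PASSWORD_SALT, SERVER_ITERATIONS
)

# Hashing the raw password with the server salt skips the client layer and cannot match.
NAIVE = hashlib.pbkdf2_hmac(
    "sha256", PASSWORD.encode("utf-8"), PASSWORD_SALT, SERVER_ITERATIONS, 32
)

if __name__ == "__main__":
    print("naive hash matches: ", hmac.compare_digest(NAIVE, PASSWORD_HASH))
    print("layered hash matches:", verify(PASSWORD, EMAIL, KDF_ITERATIONS,
                                          PASSWORD_SALT, SERVER_ITERATIONS, PASSWORD_HASH))
```
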
-
Check out this post and the link to a script already created. It might be that it needs some changes depending on which hashing is used on both the Vaultwarden and Bitwarden side.
-
Hi, this is probably a tired question, but I'll ask...
I run a vault for my family and my wife has either forgotten or misremembered her master password. She thinks she knows what it ought to be like, but it's tedious to test passwords in the app.
As I have the sqlite3 database handy, my thinking is that I write a Python script to run through the various permutations of what she believes the password might be (taking into account her typical permutation variations) to see if I can get the correct value for her. I've had a look at how the values for the password_salt and password_hash are stored in sqlite3 and it isn't clear to me how I should parse these things.
Is there anyone out there who has done something similar? I'm pretty comfortable with Python and databases, but I don't know much about Rust; I took a quick look at the code and it appeared to be using an array of bytes to store these values but when I attempt to replicate what I think is happening in Rust using Python, my hash doesn't match.
Here's my current code for testing against my own (known!) password: