I was hoping to read a security review of Bitwarden. Does that exists?
Here’s an audit from 2020, and in that post is a link to one from 2018 [PDF].
I do not have the knowledge to write one. But I know someone who does. I will contact him and see if he is interested in writing a review.
That would be very interesting. Are my passwords safe on my own hosted Bitwarden server?
My current approach is to run bitwarden on my local network and setup the docker networking so that the bitwarden container doesn’t have access to the internet. If I wanted to expose it to the public internet, I’d connect the container to a VPN, not rely on the authentication (since I’m running the bitwarden_rs fork).
On the topic, 1Password isn’t OSS, but they’re very open about their encryption and file formats, and they’re the only option that hasn’t yet had a major breach that I know of. I don’t mind paying them at all.
I left 1Password after they started forcing everyone into the subscription model after I’d already given them $100+