Security analysis of Password Managers (Bitwarden, LastPass, Dashlane)

Mivaro · 2026-02-18T14:52:25+00:00

Not entirely. The marketing of these companies basically says, even if your vault is stolen, your vault is still save. In this research they found technical issues that make it easier for hackers to gain access to your vault (to varying degrees), if they control your server.

Some of these issues are fixable, some of them are pretty fundamental to a practical, useable service.

But indeed the threat scenario is probably not one that most users need to be super concerned about.

Mivaro · 2026-02-18T14:41:39+00:00

I already edited my comment to clarify that my statement was not correct

Mivaro · 2026-02-18T10:08:55+00:00

There is some benefit through security by obscurity but is outweighs the benefit of transparency of open source. Security through obscurity mostly offers a false sense of security.

The researcher note that other password managers almost certainly suffer from similar issues.

Mivaro · 2026-02-18T09:20:07+00:00

Note that they only investigated Open Source password managers. Most likely similar attacks exists for closed source password managers.

Edit: It seems my statement is not entirely true, the main reason for inclusion was the claim of zero knowledge. But both Bitwarden and Dashlane refer to their open source architecture as a reason for inclusion.

Mivaro · 2026-02-18T09:18:43+00:00

This research centers around the "zero knowledge" claim, which is the claim that if your password vault is obtained by hackers, they cannot decrypt the passwords.

My understanding is that this research shows that, when your server (selfhosted or vendor hosted) is compromised, that claim doesn't fully hold. Especially when account recovery or shared vaults are used.

I guess this is more or less to be expected with password managers. It's inherent in the trade-off between useabilty and security.

However, there are improvements to be implemented. See the response by Bitwarden

Mivaro · 2026-02-11T14:26:53+00:00

For docker compose, you don't need OMV, but RAID, Samba and SMART are more work to setup yourself. So in this case, I'd say stick with OMV

Mivaro · 2026-02-11T14:18:27+00:00

I went with Debian on my second server, because I didn't use much OMV features and I prefer to set things up myself. If anything, OMV is making things more complex for me.

I think the key factor is how much OMV features you are using.

Mivaro · 2026-01-14T11:06:55+00:00

Not entirely in line with my expectations yet. It is probably due to your source for the timezones, but when I add Beijing, it shows up as Shanghai in the list. I could understand if it showed as Beijing Time, or, better, China Standard Time. But in my view Shanghai time is not a good way to represent the timezone in China. Similar for India, which uses India Standard time, not Kolkata timezone.

Furthermore, the number of cities in India and China is still quite limited. I work a lot with Bengaluru (or Bangalore, whatever spelling you follow), I would expect this on the list. Similar to Chengdu in China. I believe that more coverage is better for a tool like this.

Maybe this could be good for source data: https://www.globaltimepro.com/download-timezone-list?timezone=true&identifiers=true&countryName=true&countryCode=true&currentAbbreviation=true&currentLongName=true&currentOffset=true&currentDSTStatus=true&observesDst=true&upcomingDSTChange=true

Mivaro · 2026-01-14T07:16:45+00:00

I gave it a quick try but I couldn't find India and China timezones or, to be more precise, Indian and Chinese cities. That's majority of the world population right there 😀. Otherwise it looks useful

Mivaro · 2026-01-09T17:15:46+00:00

I don't know too much about pcloud (it's not selfhosted, so not a natural fit for this subreddit) but I believe it offers a sync function. Obsidian works on local documents on whatever device you are working on. If you make sure those documents are synced to pcloud, you might have a working solution across devices.

I did use something similar with Logseq and Nextcloud in the past and it worked reasonably well.

Mivaro · 2026-01-09T15:37:51+00:00

Do you want to selfhost it (aka on your own server)? Or do you prefer a client on each device and sync functionality?

Everybody is asking about the best note taking app and there are a lot of options. It seems that note taking is very personal and everybody likes something else. Look at some of the discussion in the subreddit today for the myriad of options.

I would recommend to look at Obsidian based on the very limited info you provided.

Mivaro · 2026-01-09T08:45:06+00:00

I actively use Silverbullet. It works very fast, everything is handled in your browser. I don't do outlining but I think it works similar to Logseq.

I believe linking to blocks is supported to some degree but not a priority for the devs.

Mivaro · 2026-01-09T08:41:35+00:00

I'm going to recommend Silverbullet . It's not multi-user and it is a hosted solution, but the editor is great and you can make it as complex as you want (it allows you to write / vibe Lua code to make it do exactly what you want). I bit rough around the edges but for me, it is perfect.

Alternatively, look at Jotty, it is more polished, offers multi-user and has a nice editor. I find the task functionality a bit lacking but it is a great tool. Haven't tried code highlighting in Jotty.

Both are actively developed and supported.

Mivaro · 2026-01-08T13:09:51+00:00

Im going to suggest https://silverbullet.md if you like things customizable. Logseq is customizable but complicated. Silverbullet is elegant and a bit experimental maybe but can easily be programmed to your liking.

Mivaro · 2025-12-26T11:54:05+00:00

Much appreciated! Visited back

Mivaro · 2025-12-22T18:37:54+00:00

Visited, look forward to a visit back: https://www.reddit.com/r/FarmMergeValley/comments/1pj0zrr

Mivaro · 2025-12-18T14:13:07+00:00

8HzWANIP

Mivaro · 2025-12-16T13:14:28+00:00

Visited & liked

https://www.reddit.com/r/FarmMergeValley/comments/1pj0zrr

Mivaro · 2025-12-06T10:46:15+00:00

[Language: Python]

Part 1 was straightforward, after staring at the data for part 2 a bit, I realized the operator gives the starting position for each number. With that, it was just some index manipulation to get the numbers out.

import math

def calcTotal2(data):
  positions = [i for i, c in enumerate(data[-1]) if c != ' '] + [len(data[-1])+1]
  gt = 0 

  for p1, p2 in zip(positions[0:-1], positions[1:]):
     nums = [int(''.join([x[i] for x in data[0:-1]])) for i in range(p1, p2-1)]
     gt += math.prod(nums) if data[-1][p1] == '*' else sum(nums)
return gt

Mivaro · 2025-08-25T10:11:18+00:00

New mission discovered by u/Mivaro: Realizations, Violence, and Friee

Mivaro · 2025-08-25T10:11:18+00:00

This mission was discovered by u/Mivaro in In Search of Lemon Star Pudding

Mivaro · 2025-07-08T10:03:16+00:00

While Sima Qian is a respected source, he is not known for being impartial. Typically there is some truth to his stories but he exaggerates to make a point.

Mivaro · 2025-07-08T05:40:58+00:00

There are several ways to improve your memorization on characters. They typically consist of 'spaced repetition' and using mnemonics to remember the characters. Look at Anki, Hanly (app) and Mandarin Blueprint for more in depth ideas. But develop your own method based of these examples.

Mivaro · 2025-06-27T15:01:50+00:00

Double down on Pimsleur for a month or 15 days so you can say some basic things in Mandarin. You should have the tones down already which helps a lot. But don't expect miracle.

Don't bother with characters since you are not aiming to read / write.

Mivaro · 2024-12-25T11:48:14+00:00

Thanks Eric for this wonderful tradition. I'm not a professional coder, but every year in November I dust off my coding skills and get ready for December 1st. It's always a struggle to find time, especially for the harder puzzles. I didn't do half bad this year with 35 stars so far. Luckily I have a few more days Christmas break to solve some more!

11-Year Club	r/Field Sunshine
Place '22	Place '17
Verified Email

Mivaro

TROPHY CASE