It's not centralized, of course; you still have to download the entire database, and then potentially upload the entire database again for any changes; but it doesn't have these vulnerabilities.
The main issue with these managers. I use an encrypted text file and Emacs, nothing on the cloud for me.
There are certain types of data I prefer to have complete control over. Passwords, no matter how encrypted they claim to be, are top of the list.
The researchers demonstrated 12 attacks on Bitwarden, 7 on LastPass and 6 on Dashlane
> We examine the extent to which security against a fully malicious server holds true for three leading vendors who make the Zero Knowledge Encryption claim: Bitwarden, LastPass and Dashlane [...] The attacks range in severity, from integrity violations of targeted user vaults to the complete compromise of all the vaults associated with an organisation.
almost all online services would be "vulnerable" in this way - take almost any login system. an RCE on a system hosting a login page would obviously be vulnerable to account takeover
better link here (the technical details): https://zkae.io/
Second: The provider can get the passwords with a simple server change.
Enough said. This kind of stuff should be offline only. If you need to access your password database on multiple devices, set up a LAN and/or a Wireguard tunnel for remote access.
mjamil•39m ago
rorylawless•26m ago
tempay•23m ago
kenniskrag•23m ago
> IMPACT. Complete compromise of vault confidentiality and integrity. The adversary can read and decrypt all vault con- tents encrypted after the attack, including passwords, credit card information, secure notes, and other sensitive data stored in the vault. Similarly, they can inject new items into the vault after the attack. REQUIREMENTS. The client fetches key material from the server, for example due to the user logging in on a new device. If executed on a non-empty vault, the attack results in the client losing access to all items already in their vault, while leaking any new items added to the vault after the attack took place. If the attack is executed at the time of vault creation, the attack is effectively undetectable by the client, since it cannot distinguish between a ciphertext it created and the ciphertext created by the server during the attack. PROPOSED MITIGATION. A straightforward mitigation is to have the client sign vault keys using the RSA private key in the keyset before encrypting them with the RSA public key. Ideally, two different key pairs would be used for...
from the paper: https://eprint.iacr.org/2026/058.pdf