[Generated by AI]
The paper critically analyzes the security claims made by several widely-used cloud-based password managers that advertise “zero-knowledge encryption”. This is the property where the provider theoretically has no access to users’ plaintext passwords or vault contents.
The researchers assume a fully malicious server — that is, attackers who have complete control over the server infrastructure and can respond arbitrarily to client interactions. This is stronger than traditional models where attackers might only obtain stored encrypted data.
Three major password managers were analyzed: Bitwarden, LastPass, and Dashlane. Together these services account for about 10 million users (~23% market share).
The paper identifies multiple distinct attacks that break various security guarantees under the malicious-server model:
- 12 attacks against Bitwarden
- 7 against LastPass
- 6 against Dashlane
These range from integrity violations of specific user vaults to complete compromise of all vault data in an organization. Many of the identified attacks can lead to full recovery of stored passwords when the server behaves maliciously — undermining the advertised zero-knowledge guarantees.
The results highlight a broader point: cryptographic assurances depend heavily on threat models — in particular, whether the server can be fully malicious. If real zero-knowledge security under malicious servers is required, current designs may be insufficient.
Takeaways:
- Users should be aware that “zero-knowledge encryption” may not be robust in server-compromise scenarios — even if it protects against passive breaches of encrypted data.
- The security of password managers still significantly improves over reusing passwords or storing passwords unencrypted — but the strongest claims require careful interpretation relative to rigorous threat models.