Fingerprint pipe communications example #706

@MGibson1

While discussing native messaging at TPAC, I mentioned Bitwarden encrypts these communication channels.

It was asked that I share a quick demo of that experience.

Bitwarden-IPC-fingerprinting.mov

What is going on here is the browser extension creating a public/private key pair, sharing the public one along the unencrypted and insecure native messaging pipe to the desktop application. The desktop application calculates a fingerprint of the public key and asks the user to verify it is the same one calculated by the browser. In this way, we ensure that no middle party intercepted and injected a compromised key to spy on communications between the applications.

The user experience of validating the fingerprint is not perfect, but without a supervisor (probably the OS) validating both isolated communications between the two applications AND validating the identity of both parties, we need to rely on the user to do so.
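The check described in this issue, as an added Node.js sketch that is not Bitwarden's code and not part of the original post: each side derives a fingerprint from the public key it holds, and a key swapped on the pipe makes the two displayed values differ. The P-256 key type, the SHA-256 grouped-hex fingerprint format, the message shape and all function names are assumptions made for illustration.

```javascript
const { generateKeyPairSync, createHash } = require('node:crypto');

// Assumption: fingerprint = SHA-256 over the DER-encoded SPKI public key,
// rendered as 16 groups of 4 hex digits. The issue does not state the real format.
function fingerprint(publicKeyDer) {
  const hex = createHash('sha256').update(publicKeyDer).digest('hex');
  return hex.match(/.{4}/g).join('-');
}

// Extension side: fresh key pair (P-256 is an assumption); the private key never leaves.
function newExtensionKey() {
  const { publicKey, privateKey } = generateKeyPairSync('ec', { namedCurve: 'prime256v1' });
  return { privateKey, publicDer: publicKey.export({ type: 'spki', format: 'der' }) };
}

// Stand-in for the unauthenticated native messaging pipe. `rewrite` is a
// hypothetical hook modelling a middle party that can alter messages in transit.
function sendOverPipe(message, rewrite) {
  const wire = JSON.stringify(message);
  return JSON.parse(rewrite ? rewrite(wire) : wire);
}

// Constructed interception case: the offered key is replaced with another one.
function substituteKey(wire) {
  const msg = JSON.parse(wire);
  msg.publicKey = newExtensionKey().publicDer.toString('base64');
  return JSON.stringify(msg);
}

// One handshake: the extension shows its fingerprint, the desktop app shows the
// fingerprint of whatever key arrived, and the user compares the two strings.
function runHandshake(rewrite) {
  const ext = newExtensionKey();
  const shownByExtension = fingerprint(ext.publicDer);
  const offer = { type: 'public-key-offer', publicKey: ext.publicDer.toString('base64') };
  const received = sendOverPipe(offer, rewrite);
  const shownByDesktop = fingerprint(Buffer.from(received.publicKey, 'base64'));
  return { shownByExtension, shownByDesktop, match: shownByExtension === shownByDesktop };
}

for (const [label, rewrite] of [['clean pipe', null], ['key substituted', substituteKey]]) {
  const r = runHandshake(rewrite);
  console.log(`${label}\n  extension: ${r.shownByExtension}\n  desktop:   ${r.shownByDesktop}\n  match: ${r.match}`);
}
```

The comparison only protects the channel if the user actually reads both values, and neither application can learn the outcome from the pipe itself, which is why the issue leaves the decision with the user.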
