This isn't about which product is "better." It's about understanding which trust model fits your needs.
Architecture: Where Does Your Vault Live?
This is the most fundamental difference between the two:
| Aspect | Bitwarden | VaultKeepR |
|---|---|---|
| Vault storage | Bitwarden's cloud servers (Azure) | IPFS (decentralized network) |
| Server infrastructure | Centralized (Microsoft Azure) | No central vault server |
| Self-hosting | Available (complex setup) | No (decentralized IPFS network) |
| Data persistence | Depends on Bitwarden's uptime | Persists on IPFS regardless of VaultKeepR's status |
| Single point of failure | Yes (Bitwarden servers) | No |
Bitwarden encrypts your vault client-side and stores the encrypted blob on their servers. This is a solid approach, but your data's availability depends on Bitwarden staying online and operational.
VaultKeepR pushes your encrypted vault to IPFS — a peer-to-peer network where data is content-addressed and can be pinned by anyone. Even if VaultKeepR completely shuts down, your vault remains accessible on the network.
Encryption: How Are Your Passwords Protected?
Both products use strong cryptography, but the approaches differ:
| Feature | Bitwarden | VaultKeepR |
|---|---|---|
| Cipher | AES-256-CBC | XChaCha20-Poly1305 |
| KDF | PBKDF2 (default) or Argon2id | Argon2id (always) |
| Authentication | HMAC-SHA256 | Poly1305 (built into AEAD) |
| Nonce size | 128-bit IV | 192-bit (XChaCha20) |
| Key binding | Email + master password | Master password + wallet signature |
Why XChaCha20-Poly1305?
AES-256 is battle-tested and remains secure, but XChaCha20-Poly1305 offers advantages:
- Authenticated encryption by default — Poly1305 provides authentication as part of the cipher, eliminating the need for a separate HMAC step
- 192-bit nonces — Virtually eliminates nonce collision risk, critical for long-lived keys
- Constant-time in software on all platforms — Unlike table-based AES implementations, it does not depend on hardware AES-NI to avoid timing side channels, and it performs consistently across devices
- Used by Signal, WireGuard, Cloudflare, and other security-focused systems
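A quick check of the nonce-size claim above, added here and not part of the original post. For a $k$-bit nonce drawn uniformly at random for each message, the birthday bound gives the probability that at least one nonce repeats after $q$ messages under the same key as

$$
\Pr[\text{collision}] \approx \frac{q^2}{2^{k+1}}.
$$

For the 96-bit nonce of standard ChaCha20-Poly1305 (or AES-GCM), $q = 2^{32}$ messages under one key already gives

$$
\frac{2^{64}}{2^{97}} = 2^{-33},
$$

so random nonces are only safe for a few billion encryptions before the key must be rotated. For the 192-bit nonce of XChaCha20-Poly1305, even $q = 2^{64}$ messages gives

$$
\frac{2^{128}}{2^{193}} = 2^{-65},
$$

which is why a single long-lived vault key can use a fresh random nonce on every save without any nonce bookkeeping.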
Authentication: How Do You Prove It's You?
| Feature | Bitwarden | VaultKeepR |
|---|---|---|
| Account type | Email + master password | Wallet signature (no email required) |
| 2FA for login | TOTP, FIDO2, email | Wallet signature IS the 2FA |
| Password reset | Email-based (server-side) | Not possible (by design) |
| Account recovery | Emergency access (trusted contact) | Shamir Secret Sharing (3-of-5 threshold) |
VaultKeepR's wallet-based authentication changes the attack surface:
- No email to phish — Your wallet address is your identity
- No password database on the server — There's no "master password hash" stored anywhere
- Cryptographic proof — EIP-191 signatures are unforgeable without your private key
Privacy: What Does the Provider Know About You?
This is where the philosophical difference becomes concrete:
| Data point | Bitwarden | VaultKeepR |
|---|---|---|
| Email address | Required | Not required |
| IP address | Logged by servers | Logged by IPFS gateways (same as any web request) |
| Vault structure | Encrypted (not visible) | Encrypted (not visible) |
| Number of entries | Potentially inferable from blob size | Same (blob size) |
| When you sync | Server timestamps | IPFS CID updates (pseudonymous) |
| Payment info | If premium (Stripe) | If premium (Stripe) — identical |
| Account existence | Known to Bitwarden | Only a wallet address to CID mapping |
Bitwarden is transparent and privacy-respecting. But the fundamental difference is that VaultKeepR never needs your real identity. A wallet address is pseudonymous — it doesn't link to your name, email, or any personal information unless you choose to reveal it.
Pricing: Cost of Ownership
| Plan | Bitwarden | VaultKeepR |
|---|---|---|
| Free | Unlimited passwords, 2 devices | Unlimited passwords, 5 devices |
| Premium | $10/year | Premium — TOTP, email aliases, Shamir recovery, 1 GB cloud |
| Pro | $40/year (6 users) | Pro — 50 GB cloud, all Premium features |
| Ultimate | — | Ultimate — unlimited* cloud, all features |
| Lifetime | — | 299€ one-time, Ultimate for life, crypto-only |
VaultKeepR's free tier supports more devices (5 simultaneous) than Bitwarden's (2 devices). The Premium, Pro, and Ultimate tiers add progressively more cloud storage and advanced features like Shamir recovery and email aliases.
Open Source: Transparency Comparison
| Aspect | Bitwarden | VaultKeepR |
|---|---|---|
| Client code | Open source (GPL-3.0) | Core crypto open source (MIT) |
| Server code | Open source (bitwarden/server) | API is proprietary |
| Crypto library | Uses platform WebCrypto + libs | Dedicated @vault-keeper/core package |
| Audit history | Multiple third-party audits | Planned (not yet completed) |
Bitwarden has a significant advantage in audit history. VaultKeepR's @vault-keeper/core is fully auditable on GitHub, but formal third-party audits are on the roadmap.
When to Choose Each
Choose Bitwarden if:
- You need team/family sharing today
- You prefer a product with multiple completed audits
- You want email-based account recovery
- You're not in the crypto/Web3 ecosystem
Choose VaultKeepR if:
- You want no central server holding your vault
- You prefer wallet-based authentication over email/password
- You value data persistence independent of any company
- You want Shamir-based recovery instead of trusting a contact with full access
- You need 5 simultaneous devices on the free plan
- You're comfortable with the responsibility of true self-custody
The Bottom Line
Bitwarden is an excellent, well-audited password manager. If you're happy trusting their infrastructure and want a mature ecosystem with team features, it's a great choice.
VaultKeepR offers a different trust model. Your vault lives on a decentralized network, your identity is a cryptographic key pair, and no company — including us — can access your data. It's a trade-off: more control means more responsibility.
The question isn't "which is more secure?" Both use strong cryptography. The question is: who do you want to trust with your vault's availability and your identity?
VaultKeepR is free to start — connect your wallet and you're ready to go.