ND Bitwarden PINs can be brute-forced (ambiso.github.io)
441 points by aborsy 1089 days ago | 276 comments on HN ~lite vlite-2.0
Summary ~lite
Bitwarden's PIN feature can be brute-forced if an attacker gains access to encrypted vault data on a device.
Lite evaluation by llama-4-scout-wai-psq · editorial channel only · no per-section breakdown available
Longitudinal · 4 evals
+1 0 −1 HN
Audit Trail 17 entries
2026-03-05 15:08 eval_success PSQ evaluated: g-PSQ=0.006 (3 dims) - -
2026-03-05 15:08 eval Evaluated by llama-4-scout-wai-psq: +0.01 (Neutral)
2026-03-05 14:59 eval_success PSQ evaluated: g-PSQ=0.166 (3 dims) - -
2026-03-05 14:59 eval Evaluated by llama-3.3-70b-wai-psq: +0.17 (Mild positive)
2026-02-28 10:30 eval_success Lite evaluated: Moderate positive (0.36) - -
2026-02-28 10:30 eval Evaluated by llama-4-scout-wai: +0.36 (Moderate positive)
reasoning
Editorial discussing Bitwarden PIN security, implicitly supportive of user rights
2026-02-28 10:30 rater_validation_warn Lite validation warnings for model llama-4-scout-wai: 0W 1R - -
2026-02-28 10:25 eval_success Lite evaluated: Moderate positive (0.40) - -
2026-02-28 10:25 rater_validation_warn Lite validation warnings for model llama-3.3-70b-wai: 0W 1R - -
2026-02-28 10:25 eval Evaluated by llama-3.3-70b-wai: +0.40 (Moderate positive)
reasoning
Exposing security abuse
2026-02-26 06:53 dlq Dead-lettered after 1 attempts: Bitwarden PINs can be brute-forced - -
2026-02-26 06:44 credit_exhausted Credit balance too low, retrying in 273s - -
2026-02-26 06:39 credit_exhausted Credit balance too low, retrying in 302s - -
2026-02-26 06:07 dlq Dead-lettered after 1 attempts: Bitwarden PINs can be brute-forced - -
2026-02-26 05:54 credit_exhausted Credit balance too low, retrying in 326s - -
2026-02-26 05:38 dlq Dead-lettered after 1 attempts: Bitwarden PINs can be brute-forced - -
2026-02-26 05:29 credit_exhausted Credit balance too low, retrying in 244s - -