I have what may be a stupid question…
How is it that your master password is used both to decrypt your vault and to authenticate with Bitwarden's public servers to acquire a copy of your vault/view it in the web app, but Bitwarden can't use that password entry to decrypt the vault themselves?
(Please correct me if I'm misunderstanding, as I use self-hosted Vaultwarden for my server instead of the public ones.)
For authentication, your password doesn't need to be stored on the server. Instead, they store a password hash, which is essentially the answer that you get when you put your password in some sort of irreversible mathematical expression. By comparing the hash derived from your password when you enter it with the hash from the database, they can confirm that you used the correct password. The decryption of your vault uses a different method and can't be done with the password hash that they have stored in the database.
This is my best guess based on how hashing and encryption usually work, but I have no knowledge about the specific implementation of Bitwarden.
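A generic sketch of the idea in the answer above, added here as an example; it is not Bitwarden's or Vaultwarden's code. The function names, labels, iteration count and the toy HMAC-based cipher (a stand-in for a real authenticated cipher such as AES-GCM) are all assumptions made for illustration.

```python
import hashlib, hmac, os

ITERATIONS = 100_000  # assumed work factor for this example

def client_derive(password: str, salt: bytes):
    """Client side only: one password in, two unrelated secrets out."""
    master = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    vault_key = hmac.new(master, b"vault-encryption", hashlib.sha256).digest()
    auth_hash = hmac.new(master, b"server-login", hashlib.sha256).digest()
    return vault_key, auth_hash  # vault_key never leaves the client

def server_register(auth_hash: bytes):
    """Server side: store only a salted hash of what the client sent."""
    salt = os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", auth_hash, salt, ITERATIONS)

def server_login(record, auth_hash: bytes) -> bool:
    salt, stored = record
    candidate = hashlib.pbkdf2_hmac("sha256", auth_hash, salt, ITERATIONS)
    return hmac.compare_digest(candidate, stored)

def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Toy keystream: HMAC-SHA256 in counter mode (stand-in for a real cipher).
    stream = b""
    for counter in range((len(data) + 31) // 32):
        block = b"\x00" + nonce + counter.to_bytes(8, "big")
        stream += hmac.new(key, block, hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(key: bytes, plaintext: bytes) -> bytes:
    nonce = os.urandom(16)
    ct = _xor_stream(key, nonce, plaintext)
    tag = hmac.new(key, b"\x01" + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unseal(key: bytes, blob: bytes):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, b"\x01" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None  # wrong key or tampered blob
    return _xor_stream(key, nonce, ct)
```

The server ends up holding the login record and the sealed blob, and neither of those (nor the login value it sees in transit) opens the vault, because the vault key is a separate one-way output that is only ever computed on the client.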