Jump to content
  • 0

Encrypting/Decrypting text - serious design flaw

Roginator

Asked by Roginator,

Idea

Roginator

Roginator 3

Posted
Posted

I think there's a serious design flaw when it comes to encrypting/decrypting text. What happens if you mistype the password? You will never be able to decrypt it. Surely you should be required to re-type the password when encrypting it to minimise the risk of mistyping?

Link to comment

5 replies to this idea

Recommended Posts

  • 0
  • Level 5
PinkElephant

PinkElephant 8,095

Posted
  • Level 5
Posted

Simple answer: This is not the only flaw.

My recommendation: Don't use the feature. Don't use EN to store things like passwords. It will not encrypt text with any formatting, like bullet points. You can't encrypt attachments, so it is worthless for anything but plain text.

For safe storage of passwords, get a password manager.

For safe storage of documents, get a safe cloud service. Boxcryptor (or similar tools) will encrypt anything on your computer BEFORE it is uploaded to a cloud service of your choice. It will only be decoded locally, on demand.

Link to comment
  • 0
Roginator

Roginator 3

Posted
  • Author
Posted

Fair enough but I wasn't encrypting either passwords or a document. I was encrypting a short note and Evernote is where I store my notes. Anyway, I take your point but they really should either improve the feature or remove it.

Link to comment
  • 0
  • Level 5
PinkElephant

PinkElephant 8,095

Posted
  • Level 5
Posted

We have a long standing feature request to have an encrypted "secure" notebook inside of every EN account. It should only decrypt locally, never syncing not encrypted content with the server.

Everything else IMHO will not work without loopholes.

Link to comment
  • 0
  • Level 5
PinkElephant

PinkElephant 8,095

Posted
  • Level 5
Posted

1) My opinion: Never ever use this encryption feature to store passwords (you are just learning why). There are free (and more paid) password managers build for the job.

2) The easiest way to solve the problem is to install a legacy client on a PC or a Mac. Decrypt using this client, convert everything into plain (PLAIN !) text, encrypt again.

Link to comment

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Go To Idea Listing
×
×
  • Create New...