zipmob 0 Posted June 13, 2008 Share Posted June 13, 2008 HiJust wondering if you would be enabling encryption for whole notebooks or a single note instead of just selected text? I think it would be more useful if we could encrypt whole notebooks for privacy just like Together (Mac).Otherwise, it is a great software. Link to comment
toddm 0 Posted June 15, 2008 Share Posted June 15, 2008 I agree. This would be a useful feature. Link to comment
CypherGary 0 Posted June 15, 2008 Share Posted June 15, 2008 I am not sure how well encrypting an entire note would work.How would you find the note later? You can not search out encrypted text.Just a thought.-Gary Link to comment
gnologic 11 Posted June 16, 2008 Share Posted June 16, 2008 Certainly, the note could not be searched, and it does kind of spoil the point of a program that boast of it's "searchability". But it would still have a non-encrypted title to identify it, I presume, and would be more convenient than digging for certain parts of a long text note to encrypt. On second thought, I guess it's easy enough to "select all". Link to comment
toddm 0 Posted June 16, 2008 Share Posted June 16, 2008 I'm no encryption guru, but I don't see why search can't work with encryption. Depending on the algorithm it seems like you could encrypt the search terms, match them against the encrypted index, and it would point you to the proper note. Of course if you can't encrypt each indexed word individually this might not be so simple.Anyway, unless one of the commenter's really knows encryption I wouldn't assume it's not possible. Link to comment
iafanasyev 1 Posted June 16, 2008 Share Posted June 16, 2008 I'm no encryption guru, but I don't see why search can't work with encryption. Depending on the algorithm it seems like you could encrypt the search terms, match them against the encrypted index, and it would point you to the proper note. Of course if you can't encrypt each indexed word individually this might not be so simple.Anyway, unless one of the commenter's really knows encryption I wouldn't assume it's not possible.If we can somehow encrypt the search term, as you propose, this means that we have to know your encryption passphrase. And we really do not want to. Moreover, you can use different passphrases for different encrypted text snippets, so this would even require saving somewhere all your passphrases for search to work, which defeats all the strong security behind this feature. Link to comment
toddm 0 Posted June 16, 2008 Share Posted June 16, 2008 Maybe I'm thinking of a different usage model. For example with Evernote 2.2 I can password protect a database, but the data is not encrypted. In the model I'm envisioning knowing this password gives access to the entire encrypted database.This is separate from being able to encrypt only portions of notes. Link to comment
droopy 0 Posted July 16, 2008 Share Posted July 16, 2008 Maybe I'm thinking of a different usage model. For example with Evernote 2.2 I can password protect a database, but the data is not encrypted. In the model I'm envisioning knowing this password gives access to the entire encrypted database.I would also like to be able to password protect an entire notebook or database as in EN2 while at the same time encrypting selected parts of it. As far as I can tell, you have to close the account manually before exiting the programme if you want the database to be password protected. I would prefer to have the option of password protection being always activated when starting EN3. Link to comment
iafanasyev 1 Posted July 16, 2008 Share Posted July 16, 2008 As far as I can tell, you have to close the account manually before exiting the programme if you want the database to be password protected.Closing the database in Windows client does not password-protect the database, but removes the sync password from the database. The user can open the database without providing the password, but the sync will not work until the password is provided. So, closing the database will just ensure no one can do any harm to your account, but will not protect local data. Link to comment
vamp07 0 Posted July 17, 2008 Share Posted July 17, 2008 In my opinion encrypting the local database should be a very high priority item. Link to comment
engberg 89 Posted July 17, 2008 Share Posted July 17, 2008 We do not plan to implement our own custom encryption scheme for your local database files, since your operating system gives built-in encryption capabilities that will offer you protection for all of the information on your drive. (And a large number of great third-party utilities are available if you don't like the one in your OS.)Implementing local encryption in each app is much more error-prone than just doing it consistently at the OS level. Link to comment
eseason 0 Posted July 17, 2008 Share Posted July 17, 2008 (And a large number of great third-party utilities are available if you don't like the one in your OS.)for example: http://www.truecrypt.org/just create your notebook on the encrypted volume Link to comment
vamp07 0 Posted July 17, 2008 Share Posted July 17, 2008 truecrypt is wonderful but only if you have admin privs. Link to comment
zipmob 0 Posted August 18, 2008 Author Share Posted August 18, 2008 I was hoping that encryption for a note or multiple notes would be implemented, just like in OneNote. Sometimes, there are some notes you wish to keep private and just encrypting the text portion is not enough. Link to comment
Tullio 0 Posted February 14, 2009 Share Posted February 14, 2009 Closing the database in Windows client does not password-protect the database, but removes the sync password from the database. The user can open the database without providing the password, but the sync will not work until the password is provided. So, closing the database will just ensure no one can do any harm to your account, but will not protect local data.If I close the database I can't open it without providing the password. Or I hope so. maybe something have changed?It seems to be like that on my XP machine but I'm not sure I can "Sign out..." from my Macs? Link to comment
engberg 89 Posted February 16, 2009 Share Posted February 16, 2009 The password is used to synchronize to the service. This is similar to a password in your mail client. Like your mail client, the data on disk is readable to someone who has access to your computer. If you are worried about someone accessing your local computer to read your mail or your Evernote notes, you should use the screen lock password and/or disk encryption features that come with your OS, or use a good third party solution like TrueCrypt. Link to comment
325xi 0 Posted February 17, 2009 Share Posted February 17, 2009 If we can somehow encrypt the search term, as you propose, this means that we have to know your encryption passphrase. And we really do not want to. Moreover, you can use different passphrases for different encrypted text snippets, so this would even require saving somewhere all your passphrases for search to work, which defeats all the strong security behind this feature.This is where the problem lays - for some reason Evernote designers think that security should be either strong, or none. What's wrong with user's desire for another level of basic data protection? All the suggestions from stuff come to the same idea - users should change their habits and behavioral patterns of handling information. Don't you think this is at least ridiculous - you're dealing with private, "home" users, not with corporate employees bound by corporate security regulations and watched by security officer! In most of cases "home" users don't have enough time, knowledge, and other resources to setup proper secure environment. User may not want to invest that much his time to setup things like file system level encryption simply because his home computer has only so much valuable information. Using Evernote from encrypted drive on every computer severely affects user experience - if drive isn't mounted after reboot, which happens rather often, Evernote won't run and sync. Flash drives are easy to forget - so it's not a viable option either.Users want convenience of extra level of basic data protection - and whoever wants strong security most likely already knows how to achieve that. Link to comment
Tullio 0 Posted February 18, 2009 Share Posted February 18, 2009 Closing the database in Windows client does not password-protect the database, but removes the sync password from the database. The user can open the database without providing the password, but the sync will not work until the password is provided. So, closing the database will just ensure no one can do any harm to your account, but will not protect local data.If I close the database I can't open it without providing the password. Or I hope so. maybe something have changed?It seems to be like that on my XP machine but I'm not sure I can "Sign out..." from my Macs?The password is used to synchronize to the service. This is similar to a password in your mail client. Like your mail client, the data on disk is readable to someone who has access to your computer. If you are worried about someone accessing your local computer to read your mail or your Evernote notes, you should use the screen lock password and/or disk encryption features that come with your OS, or use a good third party solution like TrueCrypt.I still don't understand. On my XP machine I can't see my notes (data on my disk) if I don't sign on for synchronization. Link to comment
engberg 89 Posted February 18, 2009 Share Posted February 18, 2009 I still don't understand. On my XP machine I can't see my notes (data on my disk) if I don't sign on for synchronization.The login name and password is used when you synchronize. It isn't checked until that point. Link to comment
tmorv 0 Posted March 1, 2009 Share Posted March 1, 2009 I definetly agree with all of you guys from the user perspective. Evernote won me by giving me a more "global access" to my files than OneNote 2007 but I think still that OneNote has a BIG hand over Evernote when it comes to the way they both let you freely manipulate content on a "page / sheet" and the whay you can password protect each folder / sheet.At home I have a computer that is always on and we all (family) use it. There are some research papers, etc. that I would HIGHLY miss if deleted by a family member. (Yes yes, we could have many accounts, etc.) but the best is:a. Give us an option to have to type in a password when booting Evernoteb. Give us an option to password protect "parts" of Evernote.There a a couple of given good things about this: Especially when it comes to searching "all documents". Lets say you store private files, etc. in a "Password protected" Notebook but want to search all the rest 10 notebooks you have? In OneNote it´s easy, not in Evernote. Either you have to there search a given Notebook or just accept that "all documents" pops up in the search field.Hopefully you guys listen to your users, and if I can suggest something I would love it that the product is user innovated based on "online polls" in the forum or web page so we all can take part in this great softwares future development! Isn´t this the most risk free way of continuing making a great product knowing that "most of our users" want this or that new feature? And not just sitting in the office being "creative by yourselves"? ;-)TMORV Link to comment
Dribbler 0 Posted March 1, 2009 Share Posted March 1, 2009 Personally, I want to be able to lock notebooks or notes- here is why.I want to use Evernote for everything. Work notes, personal diary / health notes, scanned bills / home office information, web archives primarily.To be useful to me, I don't want to have to worry that at work, my personal diary / health notes notebook might be unencrypted if I walk away to use the bathroom or get a cup of coffee, so I don't use evernote for that, but I do want to leave Evernote open for easy access to add work related notes without faffing around with extra layers of passwords for quick notes if the boss comes in. I completely understand that if a notebook is encrypted, I can't search it- I expect that. I would like options like auto lock after X minutes, on exit etc. MacJournal handles it really well, and on a notebook basis if you want to see how it should be done.Hope you reconsider it- if you really want people to put all their digital lives in your product, I think you need to. For instance, if I am ever going to trust Evernote with scans of my home office or passports etc (and that is probably where the subscription money is for you guys, in large amounts of images / pdfs), then I need to know that my pdfs are encrypted on your server, and also encrypted on my work machine, and likely to stay that way because I never (or very rarely) even decrypt them.At the moment I use Evernote, MacJournal and DevonThink Professional- adding this feature would allow me to dump the other two and just use Evernote, plus make it much easier to view everything on my Work Windows PCs and iPhone.Thanks,Simon Link to comment
Scooter 11 Posted June 11, 2010 Share Posted June 11, 2010 I have encrypted a lot of stuff using the built in encrypt text. An I reading this correctly, such text is NOT indexed? Even if I'm using the 'house' encryption built right into the program? Link to comment
baumgarr 17 Posted June 11, 2010 Share Posted June 11, 2010 You are correct. If you are encrypting text, that text is not indexed. In order to index it they would need to either store your password to decrypt it later for indexing (which is insecure) or have a back door into your encrypted text so they could index it later (which is also insecure). Indexing your encrypted text would also mean that a determined person could figure out the contents of your note by looking at the search index. Link to comment
Scooter 11 Posted June 11, 2010 Share Posted June 11, 2010 Ok. Thank you. That is good to know. I'm with the rest, I wish it could be globally encrypted.Also, and this is a non-programmer speaking. I assume that the letters are scrambled based on the password. If the indexer scanned the encrypted data, then you had to enter the password every time you enter a search term, wouldn't is scramble the search term to the same pattern and STILL work? That would still be secure, because it would only be scrambled data terms searching scrambled data.Naturally, I know NOTHING about this, but I'm curious if I'm thinking about this correctly. Link to comment
baumgarr 17 Posted June 11, 2010 Share Posted June 11, 2010 It's not that easy. The encrypted text changes based upon the contents of what you are encrypting. For example, if I encrypted the phrase "This is secure text" in one note with the password 12345, I get the encrypted string "QZ9UYBJeFSsP8xDSjKCcutlF+iwIBH+". If I then encrypt the phrase "secure text This is" with a password of 12345, I get the encrypted string "RH1CKkXm0O7DRlu0rw+mzfiD3LM64r55". Notice that the spaces are also encrypted so I can't even find where one word ends & another begins. Wouldn't life be much easier if we could just trust each other? Link to comment
BurgersNFries 2,407 Posted June 11, 2010 Share Posted June 11, 2010 If the indexer scanned the encrypted data, then you had to enter the password every time you enter a search term, wouldn't is scramble the search term to the same pattern and STILL work? That would still be secure, because it would only be scrambled data terms searching scrambled data. I don't know how encryption works but wow...I don't want to have to enter my password each time I run an EN search!!! :shock: Wouldn't life be much easier if we could just trust each other? (It sure would!) Link to comment
dan7000 26 Posted June 11, 2010 Share Posted June 11, 2010 If the indexer scanned the encrypted data, then you had to enter the password every time you enter a search term, wouldn't is scramble the search term to the same pattern and STILL work? That would still be secure, because it would only be scrambled data terms searching scrambled data.I don't know how encryption works but wow...I don't want to have to enter my password each time I run an EN search!!! :shock: All you would really have to do is enter your password on startup. This is how, for example, Quicken works, and it is both secure and easy to search. http://www.accountantforums.com/quicken ... 34492.html. [caveat]The same thing could be done with the online file - simply decrypt the whole file or a portion of the file using the password every time you log in. You also have to pass the password in to the server every time you sync. This, for example, is how Quicken.com worked around 10 years ago when it just provided an online database for your quicken transactions. Link to comment
Scooter 11 Posted June 12, 2010 Share Posted June 12, 2010 It's not that easy. The encrypted text changes based upon the contents of what you are encrypting. For example, if I encrypted the phrase "This is secure text" in one note with the password 12345, I get the encrypted string "QZ9UYBJeFSsP8xDSjKCcutlF+iwIBH+". If I then encrypt the phrase "secure text This is" with a password of 12345, I get the encrypted string "RH1CKkXm0O7DRlu0rw+mzfiD3LM64r55". Notice that the spaces are also encrypted so I can't even find where one word ends & another begins. Wouldn't life be much easier if we could just trust each other? It sure would. But... human nature. Thanks for the info. I'm learning. Link to comment
BurgersNFries 2,407 Posted June 12, 2010 Share Posted June 12, 2010 [quote="dan7000All you would really have to do is enter your password on startup. Link to comment
Recommended Posts
Archived
This topic is now archived and is closed to further replies.