dlu 628 Posted January 13, 2014 Share Posted January 13, 2014 Hello Folks! We have a new RC that is largely bugfixes. Two improvements that are worth testing are encryption. To you guys, there shouldn't be any change. But on our side we're now using AES-128. We also have added in rich Contact Notes for those who scan in business cards from the ScanSnap Evernote Edition You can join the beta track by going to Tools >> Options and checking "Update to prerelease version when available" You can also get the beta here:http://cdn1.evernote.com/win5/prerelease/Evernote_5.1.1.2304.exe Link to comment
Level 5 cwb 225 Posted January 13, 2014 Level 5 Share Posted January 13, 2014 Can you confirm that if it's desired to upgrade existing notes from RC2 to AES128 that Encryption needs to be turned off and then back on (for each encrypted instance)? Still this issue: http://discussion.evernote.com/topic/48670-evernote-for-windows-510-rc/?p=253949 Link to comment
Liam Gretton 86 Posted January 14, 2014 Share Posted January 14, 2014 Can you confirm that if it's desired to upgrade existing notes from RC2 to AES128 that Encryption needs to be turned off and then back on (for each encrypted instance)? It'd be nice to think EN has replaced the worse-than-useless RC2 encryption, but I suspect dlu means the client to server encryption. I'll be glad to be wrong though. Link to comment
Level 5 cwb 225 Posted January 14, 2014 Level 5 Share Posted January 14, 2014 Can you confirm that if it's desired to upgrade existing notes from RC2 to AES128 that Encryption needs to be turned off and then back on (for each encrypted instance)? It'd be nice to think EN has replaced the worse-than-useless RC2 encryption, but I suspect dlu means the client to server encryption. I'll be glad to be wrong though. Not that you mention it, it does read that way. What would there be to test then on the client side? And I remain perplexed on why limit the client to a specific SSL transport cipher? On the Evernote server side they support (apart from ECDH for forward secrecy) a full range of ciphers. Yes they prefer AES to RC4, but moreover the server side prefers AES256 not 128. So to make the narrative fit, while the client side has the full OpenSSL library at it's disposal, they would be limiting it to a single cipher, rather than the usual SSL negotiation of best available? Link to comment
dlu 628 Posted January 16, 2014 Author Share Posted January 16, 2014 The AES-128 encryption is in the client. It update it, you should update the text you have encrypted. For example if you encrypted "1234" you can decrypt it and change it to "1234-" or something similar, and upon re-encrypting the clienet will use AES-128. Link to comment
Level 5 cwb 225 Posted January 16, 2014 Level 5 Share Posted January 16, 2014 Thanks for confirming my original assumption!Will dust off the saved search for all encrypted items. Link to comment
Liam Gretton 86 Posted January 16, 2014 Share Posted January 16, 2014 The AES-128 encryption is in the client. It update it, you should update the text you have encrypted. For example if you encrypted "1234" you can decrypt it and change it to "1234-" or something similar, and upon re-encrypting the clienet will use AES-128. That's excellent news, thanks. Link to comment
Level 5* jefito 5,598 Posted January 16, 2014 Level 5* Share Posted January 16, 2014 Hi dlu. This may be related to the latest release, can't tell what it's all about: http://discussion.evernote.com/topic/51953-whats-the-function-of-updated-from-social-search/. You get it by right-clicking on a note in the note list, but the last two entries don't appear to do anything. Link to comment
dlu 628 Posted January 16, 2014 Author Share Posted January 16, 2014 Hi dlu. This may be related to the latest release, can't tell what it's all about: http://discussion.evernote.com/topic/51953-whats-the-function-of-updated-from-social-search/. You get it by right-clicking on a note in the note list, but the last two entries don't appear to do anything.Thanks! Just commented on that thread. You should only see those options for "Contact Notes" Link to comment
Level 5* jefito 5,598 Posted January 16, 2014 Level 5* Share Posted January 16, 2014 Thanks! Just commented on that thread. You should only see those options for "Contact Notes"Just making sure that you saw it, thanks for the info! Link to comment
MP99 1 Posted January 17, 2014 Share Posted January 17, 2014 The AES-128 encryption is in the client. It update it, you should update the text you have encrypted. For example if you encrypted "1234" you can decrypt it and change it to "1234-" or something similar, and upon re-encrypting the clienet will use AES-128. Thanks. There's an apparent security hole with the client-side encryption, in that sync may store an un-encrypted version in the history if it happens while the text is un-encrypted. (This is obviously also an issue when a note is created but not yet encrypted.) How do you recommend to ensure this doesn't happen? Trigger a manual sync first? Many thanks, Martin Link to comment
Liam Gretton 86 Posted January 17, 2014 Share Posted January 17, 2014 There's an apparent security hole with the client-side encryption, in that sync may store an un-encrypted version in the history if it happens while the text is un-encrypted. (This is obviously also an issue when a note is created but not yet encrypted.) How do you recommend to ensure this doesn't happen? Trigger a manual sync first? EN can't know in advance that you intend to encrypt something. I could decide today to encrypt part of a note I created last week, so all those revisions of the note before I encrypt will be stored in the history unencrypted. I guess by triggering a manual sync first, you're assuming that the auto-sync time counter resets so you've got at least 15 mins to enter and encrypt new text without the risk of it getting synchronised before encryption? (15 mins being the shortest period one can configure auto sync to occur.) If that's the case, this is a good idea. Can anyone tell us if the auto-sync timer resets like this? Link to comment
atangel 33 Posted January 17, 2014 Share Posted January 17, 2014 Interesting problem. Does need to be resolved though otherwise it does make the encryption next to useless. They might not know what you want to encrypt ahead of time, but they do know after the fact. Encryption could flow backwards through the notes encrypting and decrypting as necessary. Is it CPU heavy? Sure, but security is meant to be thorough and history is a pro feature (so....) Just thinking out loud, not providing a solution per se. Link to comment
Level 5* jefito 5,598 Posted January 17, 2014 Level 5* Share Posted January 17, 2014 Not possible to automate this, as far as I can tell; Evernote can't go back and convert old decrypted content because they don't have the decryption keys, right? Link to comment
eric99 1,077 Posted January 19, 2014 Share Posted January 19, 2014 I never switch on the automatic sync option for several reasons:encrypted text may be stored unencrypted before the encryption is performedI want to sync only when all my notes are OK and verified. This way I prevent accidently note syncs with corrupted data.if something goes very wrong with the data in one of my devices, I don't want my other devices be infected with the corrupted data by auto sync. Link to comment
Recommended Posts
Archived
This topic is now archived and is closed to further replies.