JimmyBoy 4 Posted August 18, 2015 Share Posted August 18, 2015 Ok… so a certain set of events has lead me to believe that any encrypted text within a note is not actually encrypted as such, it is just parsed by evernote and then replaced by an encryption box. I have an iPad 1 and wanted to try evernote on it, but as iPad 1 can only go as high as iOS 5, evernote refused to load as it requires iOS 7+ With this in mind, I then decided to install evernote on my iPhone (iOS 8) and then try again on iPad as it will detect it as a "Purchased Item" and allow me to install the last know compatible release for the iOS version being run. This worked as I hoped and allowed me to run Evernote on iPad 1 (an older version admittedly). Some of my notes have sensitive information such as Serial Numbers which I have encrypted. I switched to Card View and watched evernote import all my notes. I was quite alarmed when evernote started to import notes with serial numbers, and the serial numbers where clearly visible! No encryption, no nothing, just plain text for everyone to see! Once the import had finished, the notes THEN had the serial numbers encrypted. This would suggest to me that these encrypted text is not stored encrypted, and the text is also sent unencrypted, which is a little concerning for possible account hijacks etc… Link to comment
Level 5* gazumped 11,524 Posted August 21, 2015 Level 5* Share Posted August 21, 2015 Hi. For a definitive answer, raise a support request or tweet @Evernotehelps; we're a user support forum so mostly what you'll get here is speculation and opinion. Having said that see -How to encrypt content - https://evernote.com/contact/support/kb/#/article/28451608What encryption is used - https://evernote.com/contact/support/kb/#!/article/23480996Evernote's policy - https://evernote.com/security/ Oh, and for third-party encryption: http://www.getsaferoom.com/ Link to comment
saganama 0 Posted October 14, 2015 Share Posted October 14, 2015 I too would like an aswer to this: is encrypted text within notes also ENCRYPTED ON THE EN SERVER? I have tried contacting Evernote support directly, but just a basic membership it appears I am unable. THANKS to anyone who can directly me to something official other than the "what type of encrpytion does EN use" note. That only tells me that EN can't access my encryption passcode. Link to comment
Level 5* gazumped 11,524 Posted October 14, 2015 Level 5* Share Posted October 14, 2015 As noted, no server expertise (that I'm aware of) here, but to remove all doubt there's at least a couple of options - Cryptsync (windows only) - https://discussion.evernote.com/topic/89267-cool-encryption-tool-for-evernote/?p=381963Saferoom (multi-platform) - http://www.getsaferoom.com/ Link to comment
kgg 75 Posted October 14, 2015 Share Posted October 14, 2015 You should be able to find answers to your questions on our Privacy Policy page under the III. Data Storage and Transfer section. Please let me know if this doesn't answer all of your questions and I'll be happy to help. Link to comment
Level 5 jbenson2 2,147 Posted October 14, 2015 Level 5 Share Posted October 14, 2015 I too would like an aswer to this: is encrypted text within notes also ENCRYPTED ON THE EN SERVER? I have tried contacting Evernote support directly, but just a basic membership it appears I am unable. THANKS to anyone who can directly me to something official other than the "what type of encrpytion does EN use" note. That only tells me that EN can't access my encryption passcode. Check the link in Gaz's message. Here is an excerptEvernote uses AES (Advanced Encryption Standard) with a 128-bit key to encrypt text you select.When you encrypt text, we prompt you for a passphrase. We take your passphrase along with a unique salt and use PBKDF2 with 50,000 rounds of SHA-256 to derive a 128-bit AES key. We use this key, along with an initialization vector, to encrypt your data in CBC (Cipher Block Chaining) mode. We never receive a copy of this key or your passphrase and don’t use any escrow mechanism to recover your encrypted data. This means that if you forget your passphrase, we cannot recover your data. Link to comment
JimmyBoy 4 Posted October 14, 2015 Author Share Posted October 14, 2015 An excerpt from the privacy policy "Evernote also provides you with the ability to encrypt segments of text within any given note. You can learn how to encrypt text by reviewing this Knowledge Base article. Please note, however, that Evernote does not have the ability to decrypt encrypted contents, so we won’t be able to help you recover encrypted contents if you forget the passphrase you used for encryption" This suggests that the text IS encrypted at the server end, but this would conflict with my findings that I pointed out in the original post. If segments of text in my note where encrypted (verified by Mac, Windows and iOS versions that I have), why did I see this "encrypted" text as plain text when the content was being sucked down on a fresh installation - something doesn't add up. Link to comment
saganama 0 Posted October 14, 2015 Share Posted October 14, 2015 Tweeting @evernotehelps garnered this answer:"After text is encrypted in an Evernote app, only the resulting cipher-text is stored in the note or sync'd to our servers. For additional information on security, please check out this page: bit.ly/1X3WaCp. Hope this helps!"I agree that seeing the unencrypted text come through on transfer is unnerving and would make me suspicious. Perhaps JimmyBoy, you can private message @evernotehelps with your detailed question. Link to comment
kgg 75 Posted October 15, 2015 Share Posted October 15, 2015 I hope I can provide some more clear answers to your questions:To provide the search features offered in Evernote, we do not encrypt your content on our servers. Data storage on our servers is outlined under the III. Data Storage and Transfer section of our Privacy Policy as previously noted.Content you manually encrypt using the Evernote encryption feature remains encrypted on our servers using the method described under "Encrypted Text Within a Note": https://evernote.com/security/Apologies for initially missing the issue JimmyBoy is reporting. We are looking into this issue. I’ll keep you posted. Link to comment
kgg 75 Posted October 19, 2015 Share Posted October 19, 2015 @JimmyBoy, we haven't been able to reproduce this issue. I created a support ticket for you and will reach out to you directly for more information. Link to comment
Recommended Posts
Archived
This topic is now archived and is closed to further replies.