Jump to content
reck

windows (Archived) Change encryption password

Recommended Posts

As is good practice with passwords I like to change them periodically. Is there a way to change my evernote encryption password apart from going through and manually de-encrypt\re-encrypt every bit of encrypted text?

Share this post


Link to post

Although I don't practice it, it is good policy to change passwords. I can't answer your question, though since I never encrypt stuff in EN.

Share this post


Link to post

hmmm i'm not seeing any global option here.

Surely we're not expected to go through and call up each note (using the attribute "contains encrypted text"), find the encrypted bit of text, highlight, de-crypt and then encrypt again. Then do it all over again (no doubt with more notes) further down the line next time it's password change time.

  • Like 1

Share this post


Link to post

Yes, the encryption for each region may be separate -- there's no global "passsphrase" to change for security reasons. So you can set each region separately, and if you want to change them, you need to change them individually.

Share this post


Link to post
Yes, the encryption for each region may be separate -- there's no global "passsphrase" to change for security reasons. So you can set each region separately, and if you want to change them, you need to change them individually.

Could you explain what do you mean by "region" here. I did not know there is such a term in EN.

Share this post


Link to post

It’s quite ironic that you chose not to implement a global setting for “security reasons” as it’s down to security reasons that I want to change my password in the first place.

For users with large amounts of notes containing encrypted text built up over a number of years it’s just not practical to go through and manually change each and every instance of a password protected piece of text in evernote. Therefore the password has to remain the same for ever, even if you think it may have been compromised at some point. Doesn’t this limitation present a greater security risk than allowing users to easily change their encryption password periodically?

Cpchang, maybe region just means the area of text that you’ve chosen to encrypt?

  • Like 1

Share this post


Link to post

Cpchang, maybe region just means the area of text that you’ve chosen to encrypt?

I guess so.

I hope the whole EN data file can be encrypted. I do not mind de-encrypt every time I open it. Once I am done I hope I can close the file encrypted.

Share this post


Link to post
I hope the whole EN data file can be encrypted. I do not mind de-encrypt every time I open it. Once I am done I hope I can close the file encrypted.

The EN database on the EN servers is not encrypted. You can encrypt the EN database on your Windows desktop by moving it to a Truecrypted container. This has been discussed a lot on the board, so you can search on the word "encrypt" to find more info on the subject.

Share this post


Link to post
I hope the whole EN data file can be encrypted. I do not mind de-encrypt every time I open it. Once I am done I hope I can close the file encrypted.

The EN database on the EN servers is not encrypted. You can encrypt the EN database on your Windows desktop by moving it to a Truecrypted container. This has been discussed a lot on the board, so you can search on the word "encrypt" to find more info on the subject.

Yes I have read about this work around. Not sure why EN does not want to have this option. Anyway, does Truecrypt run on all the platforms that EN runs, such as the smart phones?

Share this post


Link to post
Yes I have read about this work around. Not sure why EN does not want to have this option.

It's discussed in the various threads. In a nutshell, true encryption requires they not know the password which means they cannot index the database in order to do the searching.

Anyway, does Truecrypt run on all the platforms that EN runs, such as the smart phones?

No. It does run on Windows but for other clients, you'd need to research how best to protect your data on each of the clients you use.

Share this post


Link to post

Yes I have read about this work around.

If you lose or forget the password, there is no way to retrieve it.

Share this post


Link to post
Yes I have read about this work around. Not sure why EN does not want to have this option.

It's discussed in the various threads. In a nutshell, true encryption requires they not know the password which means they cannot index the database in order to do the searching.

Thanks. I have been a user of InfoSelect for two decades. I wonder why InfoSelect data can be password protected, yet its lightening fast and very versatile searching is much faster and more powerful than Evernote. :?

Share this post


Link to post

Thanks. I have been a user of InfoSelect for two decades. I wonder why InfoSelect data can be password protected, yet its lightening fast and very versatile searching is much faster and more powerful than Evernote. :?

$250 smackers for InfoSelect and $100 for each upgrade?

They better be a lot more powerful at that price.

Share this post


Link to post
If you lose or forget the password, there is no way to retrieve it.

By definition, this would be the case with any "true" encrypted system. If you can request your password via a "forgot your password" link, that means the board/company/service knows how to retrieve your password. And so would/could a hacker. The most secure encryption means the board/company/service has no way to access your encryption password.

Share this post


Link to post
If you lose or forget the password, there is no way to retrieve it.

By definition, this would be the case with any "true" encrypted system. If you can request your password via a "forgot your password" link, that means the board/company/service knows how to retrieve your password. And so would/could a hacker. The most secure encryption means the board/company/service has no way to access your encryption password.

I believe that is what I said, but thanks for reconfirming my comment.

Share this post


Link to post
I believe that is what I said, but thanks for reconfirming my comment.

Actually, no, that's not what you said. Your post gave no indication that this is a good thing and/or why.

Share this post


Link to post

Ahh, actually what I said was a fact. Cpchang said he had read about the TrueCrypt workaround. There was no need to add any "good things" to my statement because it stands on its own. If you think my statement is fraudulent, I would love to hear an explanation.

"If you lose or forget the password, there is no way to retrieve it."

Share this post


Link to post

Ahh, actually what I said was a fact. Cpchang said he had read about the TrueCrypt workaround. There was no need to add any "good things" to my statement because it stands on its own. If you think my statement is fraudulent, I would love to hear an explanation.

I don't know what you're agenda is, nor am I interested. It's clear I did not say your posting was "fraudulent." It's clear you're going off on tangents here & I'm not interested in any part of that. Carry on.

Share this post


Link to post

Ahh, actually what I said was a fact. Cpchang said he had read about the TrueCrypt workaround. There was no need to add any "good things" to my statement because it stands on its own. If you think my statement is fraudulent, I would love to hear an explanation.

I don't know what you're agenda is, nor am I interested. It's clear I did not say your posting was "fraudulent." It's clear you're going off on tangents here & I'm not interested in any part of that. Carry on.

Thank you both to BurgersNFries and jbenson2.

As a non-specialist but advanced user of randam notes organizer, I am simply curious on what seems a simple matter, that is to allow password lock of Eevernote. I wish to be educated and appreciate all the responses. I was the person who first suggested the yahoo group of IS-EN, to help InfoSelect users to convert to Evernote. The vast majority of InfoSelect users around the world are power users, with InfoSelect for decaade or more. One of the biggest difficulties I have to encourage the conversion is the encryption issue. That is why I am always interested in this subject.

Also, as a layman who never used TrueCript, it seems to me that it only encripts the Evernote data on the local computer. Once they are sent to the cloud it is no longer encrypted, or am I wrong? If data are not encrypted in cloud, then TC may be useful for preventing hacking of the local computer, but it does not adderss the concern we have. A password protected data base will.

CP

Share this post


Link to post

Also, as a layman who never used TrueCript, it seems to me that it only encripts the Evernote data on the local computer. Once they are sent to the cloud it is no longer encrypted, or am I wrong? If data are not encrypted in cloud, then TC may be useful for preventing hacking of the local computer,

Correct, as previously mentioned:

The EN database on the EN servers is not encrypted. You can encrypt the EN database on your Windows desktop by moving it to a Truecrypted container. This has been discussed a lot on the board, so you can search on the word "encrypt" to find more info on the subject.

but it does not adderss the concern we have. A password protected data base will.

True, and as I mentioned above:

In a nutshell, true encryption requires they not know the password which means they cannot index the database in order to do the searching.

This is why I don't store sensitive info in Evernote (unless it would be text that is encrypted). This has been discussed at length in other threads. The "wide open database" thread is very comprehensive. So if you have any further questions, I would refer you to that, rather than repost info that has already been posted.

Also:

but it does not adderss the concern we have. A password protected data base will.

To clarify, a "password protected database" is not necessarily an encrypted database.

Share this post


Link to post

I don't know what you're agenda is, nor am I interested. It's clear I did not say your posting was "fraudulent." It's clear you're going off on tangents here & I'm not interested in any part of that. Carry on.

Your challenging statement. that what I said was wrong. struck a nerve.

I do not believe what I wrote was wrong. For some unmentioned reason, you do.

But I politely responded and asked you to explain where my statement was wrong. I remained on topic.

I stand by my original comment when using the TrueCrypt workaround - see below:

If you lose or forget the password, there is no way to retrieve it.

Share this post


Link to post

BurgersNFries and jbenson2; again thank you both, I have been helped here and elsewhere by your posts. I wish to apologize to both of you for inciting a possible misunderstanding and wish to take all the blames.

Meanwhile, I hope you guys can put up for repeated questions on matters that have been discussed previously, even extensively and repeatedly. I am pretty sure there are many other new Evernote converts who have more and more questions as they learn to use EN, but for one reason or another did not do a thourough search of the forum. And there may also be posts that tried to give what the poster thinks are additional reasons to support a desired feature, even though these reasons may sound the same to old hands.

They will benefit from your patience and help.

CP

Share this post


Link to post

hmmm i'm not seeing any global option here.

Surely we're not expected to go through and call up each note (using the attribute "contains encrypted text"), find the encrypted bit of text, highlight, de-crypt and then encrypt again. Then do it all over again (no doubt with more notes) further down the line next time it's password change time.

I have to agree.  Now that EN has been hacked, I'm facing the annoyance of updating each of my notes' passwords individually.  Please give users a global encryption option.

Share this post


Link to post

hmmm i'm not seeing any global option here.

Surely we're not expected to go through and call up each note (using the attribute "contains encrypted text"), find the encrypted bit of text, highlight, de-crypt and then encrypt again. Then do it all over again (no doubt with more notes) further down the line next time it's password change time.

I have to agree.  Now that EN has been hacked, I'm facing the annoyance of updating each of my notes' passwords individually.  Please give users a global encryption option.

It's not clear to me that you need to do this, but it's a fair question, that doesn't seem to have been addressed in light of the breach. I'm pretty sure that passwords for these are not stored on the Evernote servers in the area that was hacked, but it would be good to get an official word on this. I'll report this to a higher power.

Share this post


Link to post

hmmm i'm not seeing any global option here.

Surely we're not expected to go through and call up each note (using the attribute "contains encrypted text"), find the encrypted bit of text, highlight, de-crypt and then encrypt again. Then do it all over again (no doubt with more notes) further down the line next time it's password change time.

I have to agree.  Now that EN has been hacked, I'm facing the annoyance of updating each of my notes' passwords individually.  Please give users a global encryption option.

 

You do NOT need to worry about text you've encrypted with the EN encryption feature.  Well, unless you used your login password or a weak password or did something silly like keep the encryption password in another EN note that is not encrypted.  That's kind of the point of true encryption.  EN does not have the encryption passphrase & cannot help you recover the encrypted data if you lose/forget the password. Therefore, even if someone DID gain access to your encrypted notes on the EN server, they would have to attempt to crack your encryption password because Evernote does not have your encryption password.  (This is also why EN cannot index your encrypted text.)  And, IMO, unless you work for the CIA or have immediate access to millions/billions of dollars, us regular Joes are probably not going to be worth the time & CPU cycles of cracking strong encryption passwords.

  • Like 1

Share this post


Link to post

 

hmmm i'm not seeing any global option here.

Surely we're not expected to go through and call up each note (using the attribute "contains encrypted text"), find the encrypted bit of text, highlight, de-crypt and then encrypt again. Then do it all over again (no doubt with more notes) further down the line next time it's password change time.

I have to agree.  Now that EN has been hacked, I'm facing the annoyance of updating each of my notes' passwords individually.  Please give users a global encryption option.

 

You do NOT need to worry about text you've encrypted with the EN encryption feature.  Well, unless you used your login password or a weak password or did something silly like keep the encryption password in another EN note that is not encrypted.  That's kind of the point of true encryption.  EN does not have the encryption passphrase & cannot help you recover the encrypted data if you lose/forget the password. Therefore, even if someone DID gain access to your encrypted notes on the EN server, they would have to attempt to crack your encryption password because Evernote does not have your encryption password.  (This is also why EN cannot index your encrypted text.)  And, IMO, unless you work for the CIA or have immediate access to millions/billions of dollars, us regular Joes are probably not going to be worth the time & CPU cycles of cracking strong encryption passwords.

 

Exactly.  We do not store these, so there is nothing to be taken.

  • Like 2

Share this post


Link to post
Guest
This topic is now closed to further replies.

×
×
  • Create New...