Kurt Cubic

(Archived) REQUEST: Additional encryption options for notebooks and syncing

787 posts in this topic

Hi

Great tool!

I'm planning to store some personal information - bank-account pincodes etc. - in some encrypted notes!

Then I'm wondering - how strong is the encryption in Evernote? I don't know much about the technical details of encryption, so - please - express yourself in plain language!

Lars


We are using a mature, standard encryption algorithm (RC2) with a "key strength" of 64 bits. This is the maximum security allowed by the US Government's Commerce Department in software that is exported outside the US. (Allowing people to download software is considered an "export" by the government.)

This level of strength, combined with the general obscurity of our technology (no off-the-shelf tools for attackers), means that the average person wouldn't have a way to get at your encrypted content if you choose a strong encryption passphrase (i.e. no words from the dictionary, etc.). This level would not protect against a concerted effort by a government agency or other organization willing to put in a few engineer-weeks of work and lots of computing cycles.

I personally consider this to be strong enough for me to store my encrypted passwords and credit card numbers in Evernote, but this is not because I think that the encryption is "uncrackable." Rather, I feel that the level of effort required for someone to get this data would be a lot higher than the value they would get from a successful attack.

On the other hand, we feel that individual users should have the tools to make their own decisions about security and privacy. This level of cryptographic protection may not be appropriate for all users' data.

> We are using a mature, standard encryption algorithm (RC2) with a "key strength" of 64 bits. This is the maximum security allowed by the US Government's Commerce Department in software that is exported outside the US. (Allowing people to download software is considered an "export" by the government.)

I am not a lawyer... in fact, I am a 'Product Associate' for the company I work for... but you may want to revisit the export restrictions since I think 64-bit RC2 is a little old. Our 'flagship' product is a password manager which uses 256-bit AES encryption, and we can export it to anywhere that's not on the control list of "countries the united states doesn't like".

(These are my words; I had to look into this stuff once and it was really confusing.)


Will there be a strong encryption option for those of us in the US and other countries deemed nonthreatening by our government?

> I am not a lawyer... in fact, I am a 'Product Associate' for the company I work for... but you may want to revisit the export restrictions since I think 64-bit RC2 is a little old. Our 'flagship' product is a password manager which uses 256-bit AES encryption, and we can export it to anywhere that's not on the control list of "countries the united states doesn't like".

Thanks for the feedback. The government relaxed things a bit in 2004, but symmetric encryption over 64 bits still requires an explicit review and approval by Commerce (http://www.bis.doc.gov/encryption/massmarket_keys64bitsnup.html). We're working through this process ...

Thanks


Oh, forgot to mention a more important factor than the raw cryptographic key length ... (sorry, Kurt, this part is going to be heavily technical.)

Encryption within notes is based off of a user passphrase, which we use to derive the 64-bit key (via MD5). At some point, the length of this derived key is less relevant than the strength of your secret passphrase, since an attacker can just try every possible passphrase instead of every low-level key.

A 64-bit key is as "strong" as a 9 to 11 character password, depending on how you restrict your typing. (I.e. the entropy of a 64-bit key with 2^64 possibilities is about the same as a 9 character ASCII password with 128^9 possible combinations.)

Taking the same 9 character ASCII password and using it to derive a 512-bit AES key doesn't actually make it any stronger against an attacker who is just going to try every possible password (instead of every possible AES key). You can obscure the algorithm or throw in some extra key material from the application, but this doesn't add any real security in the cryptoanalytical sense, since a determined attacker can reverse-engineer this stuff out of your desktop app.

So unless you're choosing a really long and truly random passphrase, using more bits doesn't actually help much.

The cryptographer Bruce Schneier has done some good analysis on the topic (e.g. http://www.schneier.com/blog/archives/2006/12/realworld_passw.html), and there's a fundamental problem with passwords -- computers to crack passwords keep getting faster and our brains don't get any better at remembering long, random things. Unfortunately, the secure alternatives (hardware encryption tokens, etc.) are a lot less convenient to use.

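The key-length argument in the post above, worked through as an added example (not part of the original post and not Evernote's code). It assumes uniformly random passphrases and that the key is a truncated hash of the passphrase; the post says only "via MD5", so the truncation, the SHA-512 stand-in for a longer key, and all function names are assumptions.

```python
import hashlib
import math
from itertools import product
from string import ascii_lowercase

def passphrase_bits(alphabet_size: int, length: int) -> float:
    """Entropy in bits of a passphrase drawn uniformly at random."""
    return length * math.log2(alphabet_size)

def effective_bits(alphabet_size: int, length: int, key_bits: int) -> float:
    """Exhaustive search targets the smaller space: raw keys or passphrases."""
    return min(float(key_bits), passphrase_bits(alphabet_size, length))

def equivalent_length(alphabet_size: int, key_bits: int = 64) -> float:
    """Random-passphrase length carrying the same entropy as key_bits."""
    return key_bits / math.log2(alphabet_size)

def derive_key(passphrase: str, key_bits: int) -> bytes:
    """Assumed scheme: hash the passphrase and keep the first key_bits bits.
    MD5 for the 64-bit key named in the post; SHA-512 stands in for a longer key."""
    data = passphrase.encode("utf-8")
    if key_bits <= 128:
        digest = hashlib.md5(data).digest()
    else:
        digest = hashlib.sha512(data).digest()
    return digest[: key_bits // 8]

def reachable_keys(candidates, key_bits: int) -> int:
    """Number of distinct keys an exhaustive passphrase search has to cover."""
    return len({derive_key(p, key_bits) for p in candidates})

# Constructed sample space: every two-letter lowercase passphrase (26^2 = 676).
TWO_LETTER = ["".join(p) for p in product(ascii_lowercase, repeat=2)]

if __name__ == "__main__":
    for name, size in [("7-bit ASCII", 128), ("printable ASCII", 95),
                       ("letters+digits", 62), ("lowercase", 26)]:
        print(f"{name:16} {equivalent_length(size):5.2f} chars ~ 64-bit key")
    for key_bits in (64, 512):
        print(f"{key_bits:3}-bit key, 9 random ASCII chars: "
              f"{effective_bits(128, 9, key_bits):.0f} effective bits; "
              f"676 passphrases reach {reachable_keys(TWO_LETTER, key_bits)} keys")
```

The effective strength only rises with the key length once the passphrase itself carries more entropy than the shorter key.
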
> I personally consider this to be strong enough for me to store my encrypted passwords and credit card numbers in Evernote, but this is not because I think that the encryption is "uncrackable." Rather, I feel that the level of effort required for someone to get this data would be a lot higher than the value they would get from a successful attack.

Thanks - this is what I needed! And once again - great application - I use it everyday!

One suggestion, though: It would be great to have the opportunity to organize notes in a truly tree-like structure - in folders in folders - just like files on a drive!

Lars


> One suggestion, though: It would be great to have the opportunity to organize notes in a truly tree-like structure - in folders in folders - just like files on a drive!
>
> Lars

Check out EN 2.2.


This has probably already been covered, but I'm a bit too upset to look at the moment. I also want to bring this to light again.

By accident, I just discovered for myself that anyone with access to my machine can have access to my Evernote database (using the client). I opened Evernote - which asked me for my login and password. I entered the correct username, but mistyped my password. Evernote eagerly opened my database but informed me that the synchronization failed. Bottom line, if a person knows my username (which seems to be remembered by EN via the dropdown list), they can have full access to the database. (Note: I don't even have to enter a password - just my username to access my db.)

I am sure I'll hear about how the previous version was never secure, or how if I don't want to give anyone access then I should keep it on a memory stick, bla bla bla. I know we have the opportunity to encrypt sensitive information - but to some degree, I feel a good part of the db is sensitive.

If a simple word document can be protected, why not this db? My wish seems simple: if the u/n and p/w aren't a match, don't let me in.

Thanks for hearing me out on my rant.

Brian

Note: this is on the windows client - I do not have a Mac.


If you are worried about people gaining access to your personal computer, then you should protect all of your important files by turning on the hard drive encryption feature of your OS or else use a third-party encryption product such as the excellent free TrueCrypt software. This can be used to provide consistent protection for your Evernote database along with your office documents, your mail storage, temporary browser files, personal photos, scans, etc.

This gives you much better security than relying on every vendor to build their own bullet-proof encryption system into every document that is stored on your drive.


Brian, I agree 100% with DAVE Engberg. Your complaint is similar to leaving your wallet on your desk & getting mad b/c while you were down the hall getting more coffee, that someone came in & got your credit card info. I work from home & leave my computer on 24/7. All my sensitive data is stored on Truecrypted drives. On the rare occasion when I store sensitive data on a non-Truecrypted drive, I Axcrypt it.

Additionally, any programs I don't want someone to be able to open, I use Super Exe Lock by Superlogix. This allows you to password protect the program itself. So if you don't want anyone invoking EN on your computer, you could use a similar program. Make sure when you leave your computer, the programs are not open. Of course, this doesn't prevent anyone from making a copy of your EN files, taking it to another computer & downloading/installing EN. THAT's why you'd want the EN files encrypted (IE Truecrypt.) And similarly, when you leave for any length of time, you'd want to dismount the TC drive/container.


BTW Brian, when you say "If a simple word document can be protected", you do know that MS document passwords are pretty useless, right? I mean, a quick Google will point you to a plethora of programs you can download & buy (for not that much $$) that will break the password. Pretty much the only thing MS document passwords are for is to keep a lightweight nib from getting into the document. But don't use a password protected MS document to store sensitive data such as credit card numbers, passwords, etc.


I'm really not looking for anything that will encrypt my data. I'm not guarding anything major here.

Case in point - if I want to keep a gift list on here, if someone in the house gets snoopy and looks around, they can have full access.

At the very least, I believe there should be something that would keep prying eyes from opening a database. I understand if I want to keep everyone else out, I can use TrueCrypt. That solution just seems like overkill to remedy something that should be in place already. I don't believe the tagline - "We're your external brain" makes sense here - nobody has access to my brain - not like they do with EN.

The prevention of lightweight nibbing is good enough for me. Again, I'm not trying to guard national secrets here for crying out loud.


If you just want light password protection, you may want to use the password locking screen saver on your Windows box to make sure that no one can get to any of your applications without entering your Windows account password. This isn't 100% protection against someone with physical access to your computer, but will provide a bit more protection than you're describing, since someone couldn't just trivially copy off your database file onto a USB drive, etc.


So I share a computer with other people and have installed EVERNOTE.

It seems that when I log out, ALL of my info is avail for everyone to see!

Even though that login screen comes up, it is just meant to synch, it doesn't protect against privacy.

Anyone know how to keep Evernote private on a computer so you can LOG out and others can't look at your info?


The best way to do this on a Mac is to create separate OS X user accounts for each person using the machine.


I noticed this myself & did not like. I have created a TrueCrypt volume to store my DB in & pointed EverNote to that.


Good idea about truecrypt. I already use it for business files on my Mac.

However, my data is stored in User Name/Library/Application Support/Evernote/data/

Where should I put the Truecrypt Volume & if it is to be in a new location how do I move the file location in Evernote for Mac?

Many thanks for any help you can give.


I like the idea about using TrueCrypt .. but why is it "better", than this?

> The best way to do this on a Mac is to create separate OS X user accounts for each person using the machine.

Obviously if you have top secret stuff or company related material that can NEVER get into the hands of strangers, then encryption is the way to go. But for personal use, note taking etc., shouldn't multiple OS X user accounts be enough security? User "john" shouldn't be able to access evernote db files from user "jane", when only "john" is logged in, right?


Regarding the OSX user accounts, I'm not a Mac user (I know....blasphemy) so I'm not certain if it works the same as follows. Your mileage may vary....On Windows, any admin account can access any user's documents folder by browsing to it. Simply clicking on the EN DB there with an admin logon launches that information & reveals all.....the password is only necessary to synch back to the servers. This is problematic if you work with a bunch of propellerheads (like me) and everybody knows the admin logon or a 'secret' way to get into your machine or how to jazz around with the Windows registry.

Using an encrypted volume is easy & defeats these jokesters. There are online videos & worlds of info on the details of using TrueCrypt, but here's how I did it. Create a TrueCrypt volume big enough to hold your DB plus some....give it some room to grow. This encrypted volume can be anywhere....like on a thumb drive, in the cloud, network drive, etc. Once the TrueCrypt volume is created, mount it & copy your DB into it since it works just like any other folder or drive. My new volume is set up as the P drive, so I launched EN, went into Tools >> Options and changed the EN Local Files option to point to this new location. Mine says P:\My EverNote Files (the database folder is understood it seems).

Now each time you want to use EN, launch & mount your truecrypt volume first so that EN will have something to look at. When you're done with EN & have exited, just unmount the TrueCrypt volume to secure your data. You can also set up the TrueCrypt options to dismount at logoff automatically or start at logon, etc. Personally, I use a batch file that mounts the volume, starts EN & then auto-dismounts when I exit EN. Everything is secure & synchs & all is well. If you're really paranoid, you can also go ahead & start fresh & install EN into this TrueCrypt volume so that it can't even be seen until the volume is mounted. That worked ok for me, but there were a couple of things I didn't care for, so I took that part out & only pointed to the DB there instead.


I don't see anywhere in Evernote for Mac settings that you can define where it should store all the files. Maybe somebody else knows?


We don't expose a UI option for moving your note database to a different location, but if you quit Evernote completely, and are a bit technical, you could move this folder:

~/Library/Application Support/Evernote

to a different location and replace it with a symbolic link to the new location.


Hi,

I've been reading around a few threads on these forums, all around the issue of users wishing to hide the details of their EN notebooks from prying eyes. These all seem to descend into other users saying "Use TrueCrypt" or some other solution to secure the locally stored data, and locking your computer to prevent casual access to your running system. That's just not the issue (for me at least). I want EN to be my external brain, but it has to be acknowledged that some thoughts are private. I don't want my payslips, bank statements, receipts, company accounts stored in plaintext. I do want to access them on all my computers, and at work (via web), and on my iPhone. EN is fabulous for providing the ubiquity of access, but I'd like the privacy to be a bit stronger. I realise that this makes it next to impossible to index / image recognise these files, but that's the side of the trade-off I'm comfortable with. I'll ensure that the files are well titled and tagged to ensure that I can search for them. I guess you could locally index the files without ever loading the password to central servers, to allow rich search in the desktop clients.

An example given was that 'Brian' was complaining that someone got his credit card details when he left his wallet unattended on his desk. I see this the complete opposite way. I wouldn't leave my payslip on my desk at work, it goes in a locked drawer. I expect the same level of security for electronic documents. And again, I don't expect mil-spec encryption. You could probably bust the lock of my desk drawer in 10 seconds, but you'd have to decide that it was worth your effort, that's the level of security I'm looking for.

At present I have a local notebook (on the mac so no Image Recognition anyway) for sensitive notes. I password protect my sensitive PDFs if they're going to be on a shared notebook, but iPhone cannot open them. This adds a bit of inconvenience to my workflow, which is what EN has been fabulous at simplifying.

The encrypt text feature isn't for me because the sensitive information is stored in images. I'd love the same feature at the note attachment level, that would do it!

Sorry for the length of the post!

Stuart

> to some degree, I feel a good part of the db is sensitive.

Then switch to something else, seriously.

Spend 100+ posts convincing Evernote to password protect your db... then realize it takes a simple (free) SQLite db manager (like ...uh... a basic Firefox plugin)... to have full access to the db.

Oops.

ps: I get the whole password thing. Just saying...

> > to some degree, I feel a good part of the db is sensitive.
>
> Then switch to something else, seriously.

Agreed. I find it interesting that with identity theft such a big deal today, that so many people think if an application has a password, all their sensitive data is "secure." Password protected Word documents, PDFs, etc are so easy to crack. Heck, even if you put a password on Quicken, the images you scan into Quicken don't even have to be cracked. They are just sitting out there for someone to open in any image viewer. You don't even need the Quicken password!

Bottom line, if you're going to store sensitive data such as bank/credit card statements, passwords, social security numbers, etc the data needs to be encrypted with a strong password. It may take an hour or two up front to learn how to use something like Truecrypt. But the software is free and once you have your hard drive encrypted, it takes all of about 30-60 seconds to unlock it for your use. (There are hotkeys you can use to simplify the process. Plus, I store the TC password for additional drives in a password manager. So that 30-60 seconds includes unlocking the password manager, getting the TC password, copying it & pasting it into TC. Since I remember the TC password for my boot drive, that takes even less time - only the ~10 seconds it takes to type it in.) You can even encrypt part of a drive, so you only need to unlock that part of the drive if you're going to be doing something like banking. You can then "lock" it back up when done with your banking. That way if you just want to do some net surfing, you can skip the extra 30-60 seconds it takes. If you're not willing to do this, then you shouldn't be storing that stuff on your computer.

This topic is now closed to further replies.