Why can old version decrypt AES-128?


Guest mrossk

I have updated to the newest version of Evernote for Windows Desktop 5.1.1.2334 and encrypted some text.

 

I exported this note and opened it in a text editor and I could find: cipher="AES" length="128". So it really seems to be encrypted with AES-128.

 

Then I synced this note to another computer with an older version of Evernote for Windows Desktop and to my surprise I was able to decrypt this new encrypted text on this older version.

 

Now I am a little insecure: Is this text really encrypted with AES-128? Or have older versions of Evernote for Windows Desktop already been able to decrypt AES-128?

 

Marcel.

Link to comment
  • Level 5

That's a good question.

 

Evernote has not been very outgoing with detailed information on this long-awaited security improvement. There have been some sharp-eyed users who have tried to piece together some of the behind-the-scenes activity. One comment mentioned that it appears the encryption might only be for the Evernote servers. I believe it does involve both their servers and our clients, but I'm not a security expert.

 

Here is a comment from Evernote staff that caused some confusion.

"To you guys, there shouldn't be any change. But on our side we're now using AES-128."

 

Here is a link with more details, including a short followup reply from Evernote.

http://discussion.evernote.com/topic/51794-511-rc/

 

He mentions:

"It update it, you should update the text you have encrypted."

 

I could be wrong, but I believe he means that previously encrypted text needs to be edited (changed) and re-encrypted to take advantage of the improved security. You can find all your encrypted notes by using a search for "encryption:".

 

I have a couple hundred encrypted notes. I don't see an easy way to identify which encryption method is used (the easily broken 64-bit RC2 vs the tougher 128-bit AES). Hopefully more details will be released by Evernote to give us a better understanding on what we need to do to take advantage of this improved security.

Link to comment
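Added example, not part of any post in this thread and not Evernote's code: a Python sketch that reads an exported notebook and tallies the `cipher` and `length` attributes (the ones quoted in the first post) for each note, so notes still carrying the older label can be listed for re-encryption. The `en-crypt` element name, the `RC2`/`64` labelling of older notes, and the sample export are assumptions constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET
from collections import Counter

# Opening tag of an encrypted span inside a note body. The element name
# "en-crypt" is an assumption about the export format; cipher= and length=
# are the attributes quoted in the first post.
EN_CRYPT_TAG = re.compile(r"<en-crypt\b([^>]*)>", re.IGNORECASE)
ATTR = re.compile(r'([\w-]+)\s*=\s*"([^"]*)"')

def classify_tag(attr_text):
    """Turn the attributes of one encrypted span into a label such as 'AES-128'."""
    attrs = dict(ATTR.findall(attr_text))
    cipher, length = attrs.get("cipher"), attrs.get("length")
    if cipher is None and length is None:
        return "unlabelled"  # no declared cipher: treat as needing review
    return f"{cipher or '?'}-{length or '?'}"

def audit_export(enex_xml):
    """Return {note title: Counter of cipher labels} for notes with encrypted text."""
    report = {}
    for note in ET.fromstring(enex_xml).iter("note"):
        title = note.findtext("title", default="(untitled)")
        body = note.findtext("content", default="")
        labels = Counter(classify_tag(m.group(1)) for m in EN_CRYPT_TAG.finditer(body))
        if labels:
            report[title] = labels
    return report

def notes_needing_reencryption(report, wanted="AES-128"):
    """Titles of notes with at least one span not labelled with the wanted cipher."""
    return sorted(t for t, labels in report.items() if any(l != wanted for l in labels))

# Constructed sample export; the base64 payloads are placeholders, not ciphertext.
SAMPLE_EXPORT = """<en-export>
<note><title>Bank</title><content><![CDATA[<en-note>PIN: <en-crypt hint="h" cipher="AES" length="128">Q09OU1RSVUNURUQ=</en-crypt></en-note>]]></content></note>
<note><title>Old wifi</title><content><![CDATA[<en-note><en-crypt cipher="RC2" length="64">Q09OU1RSVUNURUQ=</en-crypt></en-note>]]></content></note>
<note><title>Mixed</title><content><![CDATA[<en-note><en-crypt cipher="AES" length="128">Q09O</en-crypt> and <en-crypt>Q09O</en-crypt></en-note>]]></content></note>
<note><title>Plain</title><content><![CDATA[<en-note>nothing encrypted</en-note>]]></content></note>
</en-export>"""

if __name__ == "__main__":
    report = audit_export(SAMPLE_EXPORT)
    for title, labels in report.items():
        print(title, dict(labels))
    print("re-encrypt:", notes_needing_reencryption(report))
```

The tally reflects only what the export declares for each span; it does not verify which cipher actually produced the ciphertext.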
  • 5 months later...
Guest mrossk

Can someone from Evernote explain why it has been possible to decrypt AES-128 encrypted text with an older version of Evernote that has not supported AES-128?

 

I want to know if I can trust this encryption to store some sensitive information.

 

Thanks.

 

Marcel.

Link to comment

While Evernote staff do read these forums, this is by and large a user forum. If you want a surefire response from Evernote staff to a given question, I suggest you open a support ticket. 

 

That said, I am sure your fellow users would be interested in what the answer is and would appreciate you coming back here to share Support's response!

Link to comment

Archived

This topic is now archived and is closed to further replies.
