User Tools

Site Tools


public:en:beveiliging

Security

Safety

Security in information systems is not only a matter of technology. An important part of information security is the way you deal with the information.

Safenotes uses standard encryption methods generally known as particularly reliable. It is not possible to access the secured notes without password. However, if your password is leaked or easy to guess, then the encryption also has no value. Therefore, choose a secure password and do not write it down anywhere.

Safenotes does not store passwords and there is no master key for access. Without password, you will not be able to access your notes, by any means. This also means that it it is useless to send me an email if you have forgotten your password. I can not help you, there are no hidden backdoors.

To avoid this, you can export (backup) your notes at any time and you can use the PC application to decrypt them.

Furthermore, Safenotes has no connection to the Internet. Access to the SD card is required only to import and export your notes. The exported files are also fully encrypted, allowing you to determine the number of encryption rounds yourself.

Encryption

Safenotes uses a strong form of encryption called AES. Encryption is a way of making data (e.g., a text) unreadable using a so-called key. With the same key, the text can be read again. Without the key it is virtually impossible.

Keys

The cryptographic key is derived in a special way from your password. This happens with a so-called key generator. Every time you turn the key generator, a new key will be delivered. To ensure that any intruder can not read your secured notes, or by trying it very often, we will generate a key a lot of times (for example, 10000 or 50000 times).

This takes time.

For us, it's only one time, namely, if we want to encrypt or decode the notes, but the intruder must do that for any password that he wants to try again. If he has to guess a million times what the password is, and every time it takes a tenth second, it will add up.

Iterations

The number of times we re-generate the key is called iterations. This number can be set in Safenotes preferences (not in the free edition). To get the same key, encryption and decryption must use exactly the same number of iterations, otherwise you will get a message that the password is incorrect. Hence the additional warning in the preferences.

If an intruder does not know what the number of iterations is, it will be much more difficult to guess the password. All these different numbers of iterations should then be tried. The disadvantage of this is that you have to remember how many iterations you have used for encryption, otherwise you will not be able to regain access to the notes.

The encryption itself (once the key has been generated) goes very fast, so there is no delay.

public/en/beveiliging.txt · Last modified: 05-12-2017 10:52 (external edit)