#SAFEPAD NOTEPAD FOR MAC CODE#
In other words: whenever a server's code is responsible for providing security, you have to trust whoever runs it. Even if you knew the server code, you couldn't confirm whether that code was running on server, or if it was replaced by something else. Nobody should be forced to trust anyone in order to be secure that's why all security is provided from the client side (which users can verify). So we've created this approach where server side is irrelevant - that's the beauty of this service. We'd like to provide perfect security to everyone, not just tech users. We haven't opened the server code, for now. Q: Is the server code available somewhere? I'd like to host the service myself. On top of that, all data is only provided through SSL. uses standard AES algorithm for encrypting/decrypting the content, together with 'salts' and other known good practices to achieve exceptional security and SHA512 algorithm for hashing. The title of each tab consists of up to 20 characters from the first non-empty line of text. Q: How is the title of each tab computed?
The server compares both the stored and received hashes to determinate whether client was served with the latest changes.) The client has to return that same hash when trying to save updated content. (The server stores the hash of the newest content, and sends the hash to the client together with the content. Overwrite protection prevents you from saving any changes if text was changed in the meantime.
#SAFEPAD NOTEPAD FOR MAC PASSWORD#
If we get the expected URL, we try using the same password for decrypting the whole site (it's possible - but very unlikely - that two different passwords correctly decrypt the same URL, but using that wrong password for decrypting everything else will result in gibberish). Once a user creates the password, we store the encrypted URL, and each time the password needs to be tested, we just try decrypting the encrypted URL. The "well-known" text we're using is the URL of the current site (which is different, but known, for each site).
The idea is that we don't have to know the password we just have to make sure that the password is correct - and one way to check that is to try decrypting some well-known text using the provided password. Passwords are never saved not even within encrypted text.ĭecryption of a page will fail if the password is incorrect, so whoever can decrypt the page must have used the correct password. The server doesn't know anything about authentication that's all handled in your browser. Q: How can you verify that a password is correct if you don't store it anywhere and don't send it to server? How do you authenticate the user? Your data is decrypted only on your device, and encrypted before it's returned to us. Your password (or password hashes) are never sent over the network, and all data that's sent or received is always encrypted. Q: Can I use a suspicious internet connection (e.g. Note that your text is protected by both the URL and your password. The longer the password, the harder it is to guess it. That your notes may be viewed where necessary 'to comply with our legal obligations, such as responding to warrants, court orders or other legal process.' In case of legal prosecutions, we can't hurt users because we don't know anything about them, and we can't decrypt their notes.Įvernote is far from secure, and their Privacy Policy says We'd like to create a file storage and sharing service with a similar security approach. Q: What are your long-term plans? How will you react to legal pressure? You can add the password after the URL of your site, like this: /yourSite ?yourPassword which will automatically decrypt yourSite with yourPassword. You can always type in "Mark's notes" and you'll be redirected to the same URL. Some characters aren't allowed in URL addresses, that's why your URL is redirected to a URL that has some characters replaced with dashes. Q: Why is my URL changed from "Mark's notes" to "mark-s-notes"? To open your encrypted backup, open saved. Make sure to save the site while 'Password required' dialog is still visible. It's simple: Open your site with Google Chrome or Mozilla Firefox and save the site before decrypting it (Ctrl + S should work). Q: How can I make encrypted backup of my notes? It doesn't matter where you keep this diary, since only you can understand the text that's inside. It's like if you're writing a diary with special characters that only you understand. You don't have to trust us, or anyone else with your password, since only you know it and only you can decrypt your notes. Also, we don't know who this text belongs to. We only store encrypted text - which is useless data once a password is lost. Q: I've forgotten my password, what can I do?
0 kommentar(er)
