Advice needed on the notebook password protection feature
- CintaNotes Developer
- Site Admin
- Posts: 5002
- Joined: Fri Dec 12, 2008 4:45 pm
- Contact:
Advice needed on the notebook password protection feature
Hi all,
as you probably know we are currently implementing the long-awaited notebook password protection feature.
Now we are at the point where we have to choose one of the design options, but can't come to an agreement.
Your input in this matter would be very valuable.
So, what would you prefer and why?
1) Very secure, but unrecoverable passwords - if you forget your password, your notes are lost. You can throw away
the .db file.
2) Ability to recover passwords via writing to CN support. The passwords will be encrypted with our private key
and stored in the settings file. This is obviously much less secure than option 1. A determined hacker (and even a layman, since
probably CN password cracking tools might appear) would be able to easily crack the password if he got access to
the .db file, but in case you forget the password, you still can get your notes back.
3) Option to choose from 1 or 2, with 1 being the default
4) Option to choose from 1 or 2, with 2 being the default
5) Your own version - please elaborate.
Thanks in advance!
as you probably know we are currently implementing the long-awaited notebook password protection feature.
Now we are at the point where we have to choose one of the design options, but can't come to an agreement.
Your input in this matter would be very valuable.
So, what would you prefer and why?
1) Very secure, but unrecoverable passwords - if you forget your password, your notes are lost. You can throw away
the .db file.
2) Ability to recover passwords via writing to CN support. The passwords will be encrypted with our private key
and stored in the settings file. This is obviously much less secure than option 1. A determined hacker (and even a layman, since
probably CN password cracking tools might appear) would be able to easily crack the password if he got access to
the .db file, but in case you forget the password, you still can get your notes back.
3) Option to choose from 1 or 2, with 1 being the default
4) Option to choose from 1 or 2, with 2 being the default
5) Your own version - please elaborate.
Thanks in advance!
Alex
- usbpoweredfridge
- Posts: 410
- Joined: Fri Jan 17, 2014 11:08 pm
- Contact:
Re: Advice needed on the notebook password protection featur
Easy - #1. All the other options throw doubt on the security of CN's encryption I'm afraid, and all the work you will have put into implementing it will have been wasted. The whole point of the encryption feature will be so that no one but the user who encrypted the database can read it - and if CN support has a backdoor into the encryption, the question arises as to who else has that same access, and that is where the trust is lost.
Proper backups are a user responsibility, and if a user loses data because they have encrypted their database and have lost their password, then too bad. Yes, that won't stop them contacting support to ask if you can crack their database, but you just have a simple copy/paste template that says "I'm sorry, but there is no backdoor into the CN encryption, and we therefore cannot help you - you will need to remember your password" (or along those lines).
Chris
Proper backups are a user responsibility, and if a user loses data because they have encrypted their database and have lost their password, then too bad. Yes, that won't stop them contacting support to ask if you can crack their database, but you just have a simple copy/paste template that says "I'm sorry, but there is no backdoor into the CN encryption, and we therefore cannot help you - you will need to remember your password" (or along those lines).
Chris
-
- Posts: 1324
- Joined: Tue Mar 08, 2011 11:15 am
Re: Advice needed on the notebook password protection featur
#1 - nothing else. Chris already pointed out the relevant facts.
Thomas
Thomas
- CintaNotes Developer
- Site Admin
- Posts: 5002
- Joined: Fri Dec 12, 2008 4:45 pm
- Contact:
Re: Advice needed on the notebook password protection featur
Got it. Thanks. I guess a big warning when setting password should be enough, probably will even cause "wow"-effect
Alex
-
- Posts: 1324
- Joined: Tue Mar 08, 2011 11:15 am
Re: Advice needed on the notebook password protection featur
CintaNotes Developer wrote:Got it. Thanks. I guess a big warning when setting password should be enough, probably will even cause "wow"-effect
Yes, as Chris already pointed out, make a disclaimer, tell people about the risks and their responsibility about managing their password.
- usbpoweredfridge
- Posts: 410
- Joined: Fri Jan 17, 2014 11:08 pm
- Contact:
Re: Advice needed on the notebook password protection featur
Indeed, yes - I was going to suggest a warning when you set a password. I know not every user reads warnings - but in this case, even if they don't, you are then covered (ie you have done everything you can to impress on the user the seriousness of needing to remember their password). It is their responsibility from that point onwards.
Chris
Chris
-
- Posts: 1324
- Joined: Tue Mar 08, 2011 11:15 am
Re: Advice needed on the notebook password protection featur
You can strengthen the question by letting the user type some confirmation word, e.g. "Yes". Also double typing the password (entering it twice) should make the user aware of its importance.
Thomas
Thomas
-
- Posts: 234
- Joined: Fri Nov 08, 2013 5:35 am
- Contact:
Re: Advice needed on the notebook password protection featur
I agree with Chris and Thomas - #1. That's the only secure option.
How would it affect the SimpleNote and Dropbox syncing?
Here's what I currently do: I use Dropbox for syncing files between my work laptop and a home computer. Having simultaneous updates is not a problem for me - I use one machine or another at one time, not both. For more sensitive data, I have an encrypted (TrueCrypt) volume in the Dropbox folder. That's where I keep the CN .db file. When I start to use one computer, I mount the encrypted volume and run CN. While the file is mounted (i.e. open), Dropbox doesn't try to sync it. When I finish, I unmount the volume. This makes it available again to Dropbox for syncing. In other words, files in the encrypted volume are not synced on a change by change basis, but only when the 'session' ends and the encrypted volume is released.
This works fine for me, so I'm not that interested in the CN encryption. I just bring it up as something to be considered.
BTW, on my work laptop, I have to turn off Dropbox syncing anyway while I run CN. There is a known problem between McAfee Enterprise and Dropbox. When I update a note in CN, Dropbox tries to sync it but McAfee also tries to grab it for on-access scan. As a result, Dropbox keeps trying unsuccessfully to sync it - cpu usage goes up to 30% and the fan starts spinning faster. When I exit CN, it releases the file completely and everything finishes. Normally, the solution would be to add the CN .db files to the exclusion list for virus checking. However, my work laptop is heavily secured and I don't have control over this. So, I just turn off syncing and try to remember to turn it on later. I have one or two other programs that run into this problem, not just CN.
Alex, I know the notebook.disconnect.timeout.seconds setting normally releases the file after 30 seconds. Can it be set (0 or huge number) to never release? I could then leave Dropbox syncing on and just let the .db files sync when I exit CN.
How would it affect the SimpleNote and Dropbox syncing?
Here's what I currently do: I use Dropbox for syncing files between my work laptop and a home computer. Having simultaneous updates is not a problem for me - I use one machine or another at one time, not both. For more sensitive data, I have an encrypted (TrueCrypt) volume in the Dropbox folder. That's where I keep the CN .db file. When I start to use one computer, I mount the encrypted volume and run CN. While the file is mounted (i.e. open), Dropbox doesn't try to sync it. When I finish, I unmount the volume. This makes it available again to Dropbox for syncing. In other words, files in the encrypted volume are not synced on a change by change basis, but only when the 'session' ends and the encrypted volume is released.
This works fine for me, so I'm not that interested in the CN encryption. I just bring it up as something to be considered.
BTW, on my work laptop, I have to turn off Dropbox syncing anyway while I run CN. There is a known problem between McAfee Enterprise and Dropbox. When I update a note in CN, Dropbox tries to sync it but McAfee also tries to grab it for on-access scan. As a result, Dropbox keeps trying unsuccessfully to sync it - cpu usage goes up to 30% and the fan starts spinning faster. When I exit CN, it releases the file completely and everything finishes. Normally, the solution would be to add the CN .db files to the exclusion list for virus checking. However, my work laptop is heavily secured and I don't have control over this. So, I just turn off syncing and try to remember to turn it on later. I have one or two other programs that run into this problem, not just CN.
Alex, I know the notebook.disconnect.timeout.seconds setting normally releases the file after 30 seconds. Can it be set (0 or huge number) to never release? I could then leave Dropbox syncing on and just let the .db files sync when I exit CN.
-
- Posts: 40
- Joined: Wed Feb 26, 2014 3:28 am
- Contact:
Re: Advice needed on the notebook password protection featur
I will go with option #1 as well, please.
Thanks!
Thanks!
- CintaNotes Developer
- Site Admin
- Posts: 5002
- Joined: Fri Dec 12, 2008 4:45 pm
- Contact:
Re: Advice needed on the notebook password protection featur
Thanks for your input! Now its clear that option 1 is the way to go, with a good warning.
Thanks for explaining the details of your setup, Gunars! (Off topic: wasn't TrueCrypt compromised? I thought that it could not be trusted any more. Or are you using an older version?)
With Simplenote, I'm afraid that they store data unencrypted (proof). But still its https, so at least during transfer the data will be encrypted.
With Dropbox it's much better actually - the notebook file on disk is always encrypted (we chose to use SqlCipher), and that's what Dropbox can see and sync.
No, setting is to 0 won't do you any good, it will just revert to min setting of 10s. Instead, simply set notebook.disconnect.enabled to 0.
gunars wrote:This works fine for me, so I'm not that interested in the CN encryption. I just bring it up as something to be considered.
Thanks for explaining the details of your setup, Gunars! (Off topic: wasn't TrueCrypt compromised? I thought that it could not be trusted any more. Or are you using an older version?)
gunars wrote:How would it affect the SimpleNote and Dropbox syncing?
With Simplenote, I'm afraid that they store data unencrypted (proof). But still its https, so at least during transfer the data will be encrypted.
With Dropbox it's much better actually - the notebook file on disk is always encrypted (we chose to use SqlCipher), and that's what Dropbox can see and sync.
gunars wrote:Alex, I know the notebook.disconnect.timeout.seconds setting normally releases the file after 30 seconds. Can it be set (0 or huge number) to never release? I could then leave Dropbox syncing on and just let the .db files sync when I exit CN.
No, setting is to 0 won't do you any good, it will just revert to min setting of 10s. Instead, simply set notebook.disconnect.enabled to 0.
Alex
-
- Posts: 234
- Joined: Fri Nov 08, 2013 5:35 am
- Contact:
Re: Advice needed on the notebook password protection featur
A few responses:
1) The developers of TrueCrypt one day decided to just quit their project. They took down the web site and essentially said "goodbye and stop using TrueCrypt since we no longer support it". But there is nothing wrong with it. Steve Gibson (of Spinrite fame) has been hosting copies of the last official version and has info here: https://www.grc.com/misc/truecrypt/truecrypt.htm. As far as I know, there is nothing wrong with the last version 7.1a. The developers were warning the community since they no longer work with it and don't trust any branch spinoffs.
2) I tried notebook.disconnect.enabled = 0, but McAfee/Dropbox still grabbed the cintanotes.db-journal file and locked on it the same way.
1) The developers of TrueCrypt one day decided to just quit their project. They took down the web site and essentially said "goodbye and stop using TrueCrypt since we no longer support it". But there is nothing wrong with it. Steve Gibson (of Spinrite fame) has been hosting copies of the last official version and has info here: https://www.grc.com/misc/truecrypt/truecrypt.htm. As far as I know, there is nothing wrong with the last version 7.1a. The developers were warning the community since they no longer work with it and don't trust any branch spinoffs.
2) I tried notebook.disconnect.enabled = 0, but McAfee/Dropbox still grabbed the cintanotes.db-journal file and locked on it the same way.
-
- Posts: 354
- Joined: Thu Jan 22, 2009 11:05 pm
- Contact:
Re: Advice needed on the notebook password protection featur
yes #1 (very well argued)
Nod
Nod
- CintaNotes Developer
- Site Admin
- Posts: 5002
- Joined: Fri Dec 12, 2008 4:45 pm
- Contact:
Re: Advice needed on the notebook password protection featur
gunars wrote:1) The developers of TrueCrypt one day decided to just quit their project. They took down the web site and essentially said "goodbye and stop using TrueCrypt since we no longer support it". But there is nothing wrong with it. Steve Gibson (of Spinrite fame) has been hosting copies of the last official version and has info here: https://www.grc.com/misc/truecrypt/truecrypt.htm. As far as I know, there is nothing wrong with the last version 7.1a. The developers were warning the community since they no longer work with it and don't trust any branch spinoffs.
I see, thanks for the info.
gunars wrote:2) I tried notebook.disconnect.enabled = 0, but McAfee/Dropbox still grabbed the cintanotes.db-journal file and locked on it the same way.
Probably the reason is that CintaNotes doesn't use EXCLUSIVE locking mode of SQLite, this means that outside of any running transaction the file is unlocked for reading (when notebook.disconnect is on, the file is unlocked also for writing).
So in case you can't get your sysadmin to add CN to McAffee's exceptions, we could try to add the locking mode option to the settings file.
Alex
-
- Posts: 234
- Joined: Fri Nov 08, 2013 5:35 am
- Contact:
Re: Advice needed on the notebook password protection featur
CintaNotes Developer wrote:gunars wrote:2) I tried notebook.disconnect.enabled = 0, but McAfee/Dropbox still grabbed the cintanotes.db-journal file and locked on it the same way.
Probably the reason is that CintaNotes doesn't use EXCLUSIVE locking mode of SQLite, this means that outside of any running transaction the file is unlocked for reading (when notebook.disconnect is on, the file is unlocked also for writing).
So in case you can't get your sysadmin to add CN to McAffee's exceptions, we could try to add the locking mode option to the settings file.
Would setting the locking mode to Exclusive also affect the journal file? If so, it might be worth a try since getting an exception change for McAfee may not be so simple.
- CintaNotes Developer
- Site Admin
- Posts: 5002
- Joined: Fri Dec 12, 2008 4:45 pm
- Contact:
Re: Advice needed on the notebook password protection featur
gunars wrote:Would setting the locking mode to Exclusive also affect the journal file? If so, it might be worth a try since getting an exception change for McAfee may not be so simple.
Yes, I suppose so. I've added the "sqlite.pragma.locking_mode" setting to the setting file in 2.9 Beta 1 which will be released today (would be grateful if you tried it out!)
However I discovered that setting this option to "EXCLUSIVE" (instead of default "NORMAL"), and setting "notebook.disconnect.enabled" to 0, miraculously doesn't prevent Dropbox from syncing the file. I wonder how it is possible.
Also I've discovered a nasty problem: export of all notes currently won't work with this locking mode, because to retain current filters CN opens a second connection to the database (this can be fixed in future however). So please use with caution.
Alex
- CintaNotes Developer
- Site Admin
- Posts: 5002
- Joined: Fri Dec 12, 2008 4:45 pm
- Contact:
Re: Advice needed on the notebook password protection featur
Ok, I finally figured out how to overcome the problem mentioned above.
More than that, the EXCLUSIVE locking mode gives such a nice performance boost, that I decided to try making this locking mode the default
in the Beta. Let's see how it goes
More than that, the EXCLUSIVE locking mode gives such a nice performance boost, that I decided to try making this locking mode the default
in the Beta. Let's see how it goes
Alex
- CintaNotes Developer
- Site Admin
- Posts: 5002
- Joined: Fri Dec 12, 2008 4:45 pm
- Contact:
-
- Posts: 234
- Joined: Fri Nov 08, 2013 5:35 am
- Contact:
Re: Advice needed on the notebook password protection featur
CintaNotes Developer wrote:Ok, I finally figured out how to overcome the problem mentioned above.
More than that, the EXCLUSIVE locking mode gives such a nice performance boost, that I decided to try making this locking mode the default
in the Beta. Let's see how it goes
Hi Alex,
I did a quick test with sqlite.pragma.locking_mode = EXCLUSIVE. I still get the sync problem with Dropbox whether notebook.disconnect.enabled is 0 or 1. Oh well, at least you found out about the performance boost. Thanks for trying.
Gunars
- CintaNotes Developer
- Site Admin
- Posts: 5002
- Joined: Fri Dec 12, 2008 4:45 pm
- Contact:
Re: Advice needed on the notebook password protection featur
gunars wrote:I did a quick test with sqlite.pragma.locking_mode = EXCLUSIVE. I still get the sync problem with Dropbox whether notebook.disconnect.enabled is 0 or 1. Oh well, at least you found out about the performance boost. Thanks for trying.
You're welcome, Gunars. BTW it seems that the problem is well-known at McAffee:
https://community.mcafee.com/thread/50400
https://kc.mcafee.com/corporate/index?p ... id=KB81595
Alex
-
- Posts: 234
- Joined: Fri Nov 08, 2013 5:35 am
- Contact:
Re: Advice needed on the notebook password protection featur
gunars wrote:BTW, on my work laptop, I have to turn off Dropbox syncing anyway while I run CN. There is a known problem between McAfee Enterprise and Dropbox. When I update a note in CN, Dropbox tries to sync it but McAfee also tries to grab it for on-access scan. As a result, Dropbox keeps trying unsuccessfully to sync it - cpu usage goes up to 30% and the fan starts spinning faster. When I exit CN, it releases the file completely and everything finishes. Normally, the solution would be to add the CN .db files to the exclusion list for virus checking. However, my work laptop is heavily secured and I don't have control over this. So, I just turn off syncing and try to remember to turn it on later. I have one or two other programs that run into this problem, not just CN.
I noticed yesterday that I'm no longer getting conflicts between the current version of Dropbox (3.10.7) and McAfee Enterprise when using CN or the other programs. I'm not sure if Dropbox or McAfee fixed the problem, but I can finally run CN on my work laptop without having to pause Dropbox!
On the other hand, the Google Project Zero team has found a vulnerability in TrueCrypt that was missed by previous audits. The current version of open source VeraCrypt addresses this alread.
More info: http://www.pcworld.com/article/2987439/ ... omise.html
Return to “CintaNotes Personal Notes Manager”