ChrisCN wrote:Can someone use the stored string to open CN without knowing the password?
Ok, the following is my understanding - I am not a Cryptographer, so while I believe the following to be accurate, I cannot absolutely guarantee it is. I am sure that Alex will chime in here as well.
If that is an AES encrypted string as I assume it is, I don't believe so. If the user has selected that option and closed CN, when you attempt to open it again, you are prompted for the password. The only way you can get past this is to provide the correct password. That means decoding that string (you can't enter the string directly into the password box, and the string is already in the cintanotes.settings file, so it isn't a case of being able to enter it into the file to magically unlock the database either).
So, is it possible to decrypt an AES encrypted string? Theoretically, I suppose it is. In practice, I don't believe it is. There are only three ways I can think of to attack it.
1. A colossal mistake in the implementation of the library in CN. I am assuming Alex has implemented an existing AES library rather than tried to make his own - the first thing a Cryptographer will tell you is to not try to implement an algorithm yourself if you are not a Cryptographer as it is extremely easy to screw something up and leave the encryption wide open to attack. Instead, they suggest implementing a library that has been designed by someone who knows what they are doing and has been subject to intense scrutiny and audit. While a mistake in CN's code which adds support for the library is possible, we would never know if that was the case until someone was able to prove it (by a successful attack).
2. The AES algorithm was suddenly - and completely - broken. AES has been subject to intense efforts by Cryptographers and other groups to break it in the years since it was introduced, and no one has publicly succeeded in doing so (if anyone has, they have not announced it - I think it is fairly unlikely it has been, the Snowden leaks have given no indication that even the NSA has been able to do this and if they can't, no one else would have the resources to do it either). If AES was broken, we would have far larger problems than CN - AES is used absolutely everywhere and the damage caused by a complete break of the algorithm would be enormous. There have been successful attacks that can reduce the number of rounds required to decrypt a string encrypted with AES in some circumstances, but the amount of effort required is still in the realm of 'the heat death of the universe will occur first' (ie billions of years).
3. If the attacker knew the way the algorithm was implemented - by checking the code for example - they may be able to attempt a brute force attack on the string (assuming they have the string from the cintanotes.settings file). If the encryption is implemented with a random salt, than this stands no chance of succeeding. If the user password is i. small enough, and ii. is a common dictionary word, then theoretically, a brute force attack may stand a chance of succeeding. With a long enough password, and using no words in the dictionary, a brute force attack will not succeed unless there is a quantum shift in computing power (even brute forcing a short 8 character password with some special characters and no words in the dictionary would take billions of years with the fastest computers currently existing). It is also open to CN to have implemented an extra measure against brute force attacks, similar to what KeePass has done. That is, added some things to slow down the number of password guesses that can be made per second, putting the likelihood of a successful attack even further beyond reach.
With all that said - an attacker would have to be stupid and/or desperate to try and break that string. The single best way for someone to get into your CN database is to get a keylogger on your system and intercept your password as you type it into CN. After that, all they need is a copy of the database - and if they managed to get a keylogger onto your system, why not a trojan that uploads the database to another location as well? Some malware in fact combines these capabilities. Of course, if the attacker knew you, they could obtain a copy of the database and try various password guesses (your date of birth, your dog's name, your name, the usual suspect passwords such as '123' and 'password' etc). If they succeed in this way, it's your own fault for choosing an obvious password!
ChrisCN wrote:It also doesn't help to remove it later because Dropbox is keeping all old versions of a file!?
This would only become an issue if they could decrypt that password string, which as I have posted above, I don't believe is possible.