Last week we introduced a new security feature called Device Storage Encryption (DSE) for iOS, Android, Web, and Desktop. We mentioned briefly how in addition to the already end-to-end encrypted sync Standard Notes provides, DSE can further safeguard your data by making sure unencrypted data never touches a hard drive. This post explains how DSE works, and how it fits in with the existing encryption technologies used by Standard Notes.
When you’re using Standard Notes with a signed in account, we generate private encryption keys from your password, and save these keys on device. Every key stroke you type, and thus every change you make to a note, is immediately encrypted using these keys, then synced to your other devices. Since you’ll have signed in to these other devices as well, those devices will have your encryption keys available to decrypt incoming changes.
Expanding our Threat Model
Before DSE, your encryption keys would need to be stored on your local computer without being encrypted. This was because without an additional password, there would be no straight forward way to encrypt your keys for offline storage (particularly on the web app). Our main threat model (or, what we set out to protect against) was making sure no one but you can read your notes. We treated servers and unencrypted online transmission of data as the main enemy. Your personal device, protected by you in the comfort of your pocket or your home, we treated as safe.
With DSE, we expand our threat model to also protect you from device seizures, loss, and theft. All of our applications on every platform (Mac, Windows, Linux, iOS, Android, and Web) now offer the option to add an extra application password called a “Local Passcode”.
This passcode serves two purposes:
- It will lock the application with a passcode which must be entered before you can enter, use, and read application data.
- On Desktop and Web, it will encrypt your local key storage. This means that keys that were once stored on your offline device without encryption will now be encrypted using AES-256 with a key derived from your local passcode using PBKDF2.
The result is actually kind of cool: unencrypted data never touches your hard drive, or anyone else’s hard drive.
How it works:
- On enter, the app prompts for your local passcode.
- It compares the hash of your inputted password to a saved hash, and if correct, uses your inputted password to generate the remainder of your keys.
- These keys are used to decrypt your saved account encryption keys.
- The application now reads encrypted data from your local database, and decrypts this data using your decrypted account keys.
- The decrypted data now lives only in ephemeral memory, and is displayed so that it can be edited by the user.
- When you make a change to a note, it is encrypted immediately, then synced to your account and saved in your device's database.
- Finally, when you quit the app, the decrypted data which lived in memory is immediately destroyed.
What’s the significance of decrypted data never touching your hard drive? Well, hard drives are sort of tricky to keep an eye on. Once a file touches disk, you can’t be certain that a copy of it wasn’t made, or that it wasn’t backed up by your system, or synced to a file syncing platform. With memory, things are more volatile, but ephemerality is built in. You can be sure that it won’t be backed up by a system process or 3rd party application.
(On iOS and Android, your keys are stored in your device’s secure keychain, so a local passcode serves more as a deterrent to unwanted physical access, compared to the web app, where a secure device keychain is not available.)
You can learn more about our other privacy measures here. You can also download the new applications for your platform from our downloads page. And as always, if you have any questions, please don’t hesitate to reach out to firstname.lastname@example.org.