plainpad icon indicating copy to clipboard operation
plainpad copied to clipboard
verified publisher icon alextselegidis

Suggestion: Document the cryptosystem used to encrypt notes in the database.

Open virtadpt opened this issue 5 years ago • 2 comments

As far as I can tell, Plainpad's app/Models/Note.php module uses Laravel's lluminate\Support\Facades\Crypt class. Some research suggests that the Crypt module implements AES-128 and AES-256, though I haven't found anything definitive about this, nor have I found the cipher mode that it implements (ECB (I hope not)? OFB? CBC?) It would be very helpful to know for sure what was used and how to come up with a threat model for Plainpad.

virtadpt avatar Jun 06 '20 01:06 virtadpt

Hello @virtadpt

Where would you like to see this information being documented?

  Alex Tselegidis, Plainpad Creator
  Need a customization? Contact me in person!

alextselegidis avatar Jul 16 '20 10:07 alextselegidis

At https://alextselegidis.com/get/plainpad would be good, because that's the first place folks are likely to look (or google). A comment in the source code would also be helpful, because technical users are likely to go grepping through the files looking for hints as to what is used (as I did).

virtadpt avatar Jul 16 '20 19:07 virtadpt