Skip to content

Do we use encryption?

Jump to bottom
Tyler edited this page Apr 7, 2025 · 3 revisions

Why not use encryption?

We chose not to use encryption because the idea behind SafeNotes is to add an extra layer of security to your notes, not to be a 100% foolproof solution to securing your notes. There are still pros to using encryption even on a local machine, which is how SafeNotes operates. However, I will also review this in detail in the following heading. Still, as it stands right now, the application will not incorporate encryption during this time; however, in the future, it is definitely possible, because I do not think that level of security and privacy is needed when the goal, right now, is to provide safety from those using your computer. Many still journal and write notes in a notebook that they have to hide from people; at least with this application, you do not have to worry about hiding anything from anyone because SafeNotes does it for you.

How does SafeNotes secure your journals?

SafeNotes secures journal entries primarily through the following methods:

  1. Password Protection: Users must set a password during registration, which is then used for subsequent logins. This password is stored in the application settings (Properties.Settings.Default.setUserPassword).
  2. File Obfuscation: When journal entries are saved to the entries.txt file, the actual content is replaced with asterisks (*) to obscure the text. This is done to prevent casual viewing of the file contents.
  3. User Authentication: The application checks if the user is logged in before allowing access to the journal entries. This is controlled by the setIsUserLoggedIn setting.
  4. Notifications: The application provides notifications for various actions such as adding, editing, and deleting entries, which helps keep the user informed about the state of their data.

I will also address the drawbacks of SafeNotes:

While the current implementation provides a basic level of security through password protection and file obfuscation, it does not offer robust protection against more determined attacks.

Here are some potential risks and or issues:

• Password Storage: Storing passwords in plain text within application settings is not secure. It is recommended that hash passwords be stored using a strong hashing algorithm (e.g., SHA-256) instead.

• File Encryption: Obfuscating the file content with asterisks is not secure. Encrypting the journal entries using a strong encryption algorithm (e.g., AES) would provide much better security. This ensures that even if the entries.txt file is accessed, the content remains unreadable without the correct decryption key.

What are the plans to enhance the security of SafeNotes?

  1. Password Hashing: Instead of storing passwords in plain text, store a hashed version using a strong hashing algorithm (e.g., SHA-256). This way, even if someone accesses the settings file, they cannot easily retrieve the original password.
  2. File Encryption: Encrypt the entries.txt file using a strong encryption algorithm (e.g., AES). This ensures that even if someone accesses the file, they cannot read its contents without the decryption key.
Clone this wiki locally