Protecting Notes
RightNote includes an industry standard 128-bit encryption system that allows you to keep your sensitive information confidential and secure. You can protect individual notes and pages or an entire RightNote file.
All encryption and decryption is password based: this means RightNote does not store the password in any "hidden" place or in some encrypted form. Instead, protected information can only be retrieved after the password key has been supplied by the user. Without this key no encrypted information can be decrypted.
File and note passwords
Many protection schemes are "file" based. This means that the user sets up a password for opening the file, after which the file can only be opened with this password. Once the password has been supplied, all data is freely accessible until the file is subsequently closed.
For a note-taking application this approach has its drawbacks. Typically one likes to have the application running (with an open file) in the background, so that one can easily restore the application to insert new information or perform a search. If one uses a protected file in this way, one's sensitive information will have to be left unlocked for long periods, possibly compromising security.
A "note" based scheme is one that allows you to place a lock on selected notes within a notebook. This approach is generally more secure and avoids the problem mentioned above, i.e. you can safely leave your file open and still keep selected notes secure. A possible drawback with this approach is that accessing information may become more inconvenient, since secure notes have to be unlocked each time one bumps into them, compared to the "file" based scheme where all information is readily accessible.
RightNote allows you to use both approaches:
- You can set up a "file" password to protect the entire file, and/or
- a "note" password which can be used to protect selected notes or pages.
These passwords are set up in the Protection tab of the File Properties Dialog (File->File Properties).
After you have set up a "note" password, you can set the "Protect" property of a page (F6) or a note (F2) in order to protect them.
Features and usage
Central Locking
The "note" password works in a "central locking" fashion. Once you supply the "note" password for any reason (e.g. to unlock a note or during a search), the "note" password is then available and all protected notes are accessible. Likewise, once you "lock the notes" (Ctrl+L), all notes are locked.
Protected notes and the Full Text Search engine
A very useful feature of RightNote is the "Full Text Search" capability, which allows you to obtain search results very quickly. To achieve this, the database file needs to store a plain text copy of all note content, which is then indexed in order to obtain fast searches. Obviously, you don't want to keep a plain text copy of a protected note lying around somewhere in the search index of the database.
So keep this in mind: a protected note cannot be searched with the Full Text Search (i.e. "fast" search) capability. It can only be searched via normal or database search. If you are using "fast" search mode and you have checked the "include protected" option, then unprotected notes will be searched via fast search and any protected notes will be searched via "database" search (provided, of course, you provide the password or the password is available).
Choosing strong passwords
Although the underlying encryption mechanism in RightNote uses a 128-bit cryptographic "key" (which is very secure), this key is directly "derived" from the password supplied by the user, and as the saying goes, "a chain is only as strong as its weakest link!" If the user's password has an effective strength of 64 bits (weak), it doesn't really help that the encryption key is 128-bit. Likewise, if someone uses their name as their password (or phone number, or pet's name), the 128-bit key offers little protection: such a password can easily be guessed and discovered.
As a short summary, here is a quote from the paragraph titled "Guidelines for strong passwords".
"Common guidelines for choosing good passwords are designed to make passwords less easily discovered by intelligent guessing:
- Include numbers, symbols, upper and lowercase letters in passwords
- Password length should be around 12 to 14 characters
- Avoid passwords based on repetition, dictionary words, letter or number sequences, usernames, or biographical information like names or dates."
Remember: the more random a password "looks" (consisting of numbers, symbols, upper and lowercase letters), the more likely it is to be strong.
A technique mentioned in this article that you may find useful: "Mnemonic passwords: Some users develop mnemonic phrases that generate seemingly random passwords". Such passwords are easy to remember although they still appear to be random.
Another quote, from the paragraph titled "Examples that follow guidelines":
"The passwords below are examples that follow guidelines for a strong password. Since these passwords have been publicly published, they should never be used verbatim.
- 4pRte!ai@3 — mixes uppercase, lowercase, numbers, and punctuation
- Tp4tci2s4U2g! — built from a phrase that a user can memorize: "The password for (4) this computer is too (2) strong for you to (4U2) guess!" — mixes types of character as well
- BBslwys90! — loosely based on a phrase that a user can memorize: "Big Brother is always right (right angle = 90°)!" — mixes types of character as well."
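The guidelines quoted above, and the point that a password-derived key is never stronger than the password, can be checked mechanically. The following is an added example, not RightNote code: the word list is a constructed sample, the run lengths used to detect repetition and sequences are assumptions, and the bit estimate is an upper bound that assumes every character was chosen at random.

```python
import math
import string

KEY_BITS = 128  # key size stated on the page
# Constructed sample list; a real check would load a large dictionary.
COMMON_WORDS = {"password", "letmein", "dragon", "welcome", "monkey"}
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)
FULL_POOL = sum(len(c) for c in CLASSES)  # 94 printable ASCII symbols

def pool_size(pw):
    """Number of symbols in the character classes the password uses."""
    return sum(len(cls) for cls in CLASSES if any(ch in cls for ch in pw))

def effective_bits(pw):
    """Upper bound on the guessing space in bits, capped at the key size.
    Assumes every character is chosen at random; real passwords score lower."""
    pool = pool_size(pw)
    bits = len(pw) * math.log2(pool) if pool else 0.0
    return min(bits, KEY_BITS)

def has_repetition(pw, run=3):
    """True if any character repeats `run` times in a row."""
    return any(pw[i:i + run] == pw[i] * run for i in range(len(pw) - run + 1))

def has_sequence(pw, run=4):
    """True if the password contains an ascending or descending run."""
    low = pw.lower()
    for seq in (string.ascii_lowercase, string.digits):
        for s in (seq, seq[::-1]):
            if any(s[i:i + run] in low for i in range(len(s) - run + 1)):
                return True
    return False

def check_password(pw, personal=()):
    """Return the guideline violations found; an empty list means none."""
    low, problems = pw.lower(), []
    if len(pw) < 12:
        problems.append("shorter than 12 characters")
    if pool_size(pw) < FULL_POOL:
        problems.append("missing a character class")
    if has_repetition(pw):
        problems.append("repeated characters")
    if has_sequence(pw):
        problems.append("letter or number sequence")
    if any(word in low for word in COMMON_WORDS):
        problems.append("dictionary word")
    if any(p and p.lower() in low for p in personal):
        problems.append("username or biographical information")
    return problems
```

Run against the quoted examples, `check_password("4pRte!ai@3")` reports only that the password is shorter than 12 characters, while `Tp4tci2s4U2g!` passes every check with an upper bound of about 85 bits, still below the 128-bit key.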