Suggestion: Document the cryptosystem used to encrypt notes in the database.

Question

Suggestion: Document the cryptosystem used to encrypt notes in the database.

Opened this issue 4 years ago · 2 comments

As far as I can tell, Plainpad's app/Models/Note.php module uses Laravel's lluminate\Support\Facades\Crypt class. Some research suggests that the Crypt module implements AES-128 and AES-256, though I haven't found anything definitive about this, nor have I found the cipher mode that it implements (ECB (I hope not)? OFB? CBC?) It would be very helpful to know for sure what was used and how to come up with a threat model for Plainpad.

Answer 1 · 2020-07-16T10:05:24.000Z

Hello @virtadpt

Where would you like to see this information being documented?

	Alex Tselegidis, Plainpad Creator Need a customization? Contact me in person!

Answer 2 · 2020-07-16T19:01:13.000Z

At https://alextselegidis.com/get/plainpad would be good, because that's the first place folks are likely to look (or google). A comment in the source code would also be helpful, because technical users are likely to go grepping through the files looking for hints as to what is used (as I did).