iOS Notes - Question regarding locking Notes

Discussion in 'iOS 9' started by noanker, Jul 11, 2016.

  1. noanker macrumors member

    noanker

    Joined:
    Sep 30, 2015
    #1
    Question: Does locking a Note with a password encrypt it in any way? If encrypted, any idea as to the encryption used?

    Tried looking quickly on the Apple website for more info but came up empty.

    Reason behind question: I use Notes to store some ID & passwords and was curious if this is the best place to do so??
     
  2. M. Gustave macrumors 68000

    M. Gustave

    Joined:
    Jun 6, 2015
    Location:
    Grand Budapest Hotel
    #2
    If Safari is the browser you use, then you should store them there.

    Settings > Safari > Passwords
     
  3. noanker thread starter macrumors member

    noanker

    Joined:
    Sep 30, 2015
    #3
    The Notes app is far easier to add and edit than viewing it in Safari which is not an acceptable solution.
    I'm looking for what type encryption, if any, is used when locking Notes.
     
  4. Gav2k macrumors G3

    Gav2k

    Joined:
    Jul 24, 2009
  5. noanker thread starter macrumors member

    noanker

    Joined:
    Sep 30, 2015
    #5
    My passwords are typically mixed alpha-numeric, upper and lower case and no less than 15 characters in length.
    But you still fail to provide an answer as to the encryption Notes uses....
     
  6. Gav2k macrumors G3

    Gav2k

    Joined:
    Jul 24, 2009
    #6
    128-bit AES encryption

    But again that is only as secure as your password ;)
     
  7. Benjamin Frost Suspended

    Benjamin Frost

    Joined:
    May 9, 2015
    Location:
    London, England
    #7
    It's a shame that we can't simply lock the Notes app, so every note is locked by default.
     
  8. Gav2k macrumors G3

    Gav2k

    Joined:
    Jul 24, 2009
    #8
    You can and many of us do
     
  9. Benjamin Frost Suspended

    Benjamin Frost

    Joined:
    May 9, 2015
    Location:
    London, England
    #9
    How?
     
  10. noanker thread starter macrumors member

    noanker

    Joined:
    Sep 30, 2015
    #10
    Gav2k,
    ;)

    Well, in looking for details on what type of encryption is utilized by Notes, I found Apple's very own, über-useful iOS Security Guide online. In it, I found the excerpt below regarding Notes' encryption.

    AES-GCM is listed as being in NSA's Suite B cryptography:cool:

    Secure Notes
    The Notes app includes a Secure Notes feature that allows users to protect the contents of specific notes. Secure notes are encrypted using a user-provided passphrase that is required to view the notes on iOS, OS X, and the iCloud website. When a user secures a note, a 16-byte key is derived from the user’s passphrase using PBKDF2 and SHA256. The note’s contents are encrypted using AES-GCM. New records are created in Core Data and CloudKit to store the encrypted note, tag, and initialization vector, and the original note records are deleted; the encrypted data is not written in place. Attachments are also encrypted in the same way.

    Supported attachments include images, sketches, maps, and websites. Notes containing other types of attachments cannot be encrypted, and unsupported attachments cannot be added to secure notes. iOS Security—White Paper | May 2016 25 When a user successfully enters the passphrase, whether to view or create a secure note, Notes opens a secure session. While open, the user is not required to enter the passphrase, or use Touch ID, to view or secure other notes. However, if some notes have a different passphrase, the secure session applies only to notes protected with the current passphrase.

    The secure session is closed when the user taps the Lock Now button in Notes, when Notes is switched to the background for more than three minutes, or when the device locks. Users who forget their passphrase can still view secure notes or secure additional notes if they enabled Touch ID on their devices. In addition, Notes will show a user-supplied hint after three failed attempts to enter the passphrase. The user must know the current passphrase in order to change it.

    Users can reset the passphrase if they have forgotten the current one. This feature allows users to create new secure notes with a new passphrase, but it will not allow them to see previously secured notes. The previously secured notes can still be viewed if the old passphrase is remembered. Resetting the passphrase requires the user’s iCloud account passphrase.
     
  11. Gav2k macrumors G3

    Gav2k

    Joined:
    Jul 24, 2009
    #11
    Your phone has a passcode and Touch ID to unlock
     
  12. Benjamin Frost Suspended

    Benjamin Frost

    Joined:
    May 9, 2015
    Location:
    London, England
    #12
    So you can't.

    Thanks for nothing.
     
  13. Gav2k macrumors G3

    Gav2k

    Joined:
    Jul 24, 2009
    #13
    It wouldn't be very Apple like to lock an app like that. You need to unlock your device anyway so in tern the app is restricted by default.
     
  14. ivanwi11iams Contributor

    ivanwi11iams

    Joined:
    Nov 30, 2014
    Location:
    Atlanta, GA
    #14

    Maybe OneNote might be a better alternative?

    Ps: I've not read all the other replies...
     
  15. noanker thread starter macrumors member

    noanker

    Joined:
    Sep 30, 2015
    #15
    You might want to take a few minutes to peruse the rest of the thread. I managed to find some really good info which answered my original question and posted it.

    I try, when at all possible, to use Apple's programs if they fit my requirements. Having looked at the encryption they're using, I'm quite pleased. I've been going through my online accounts, changing passwords and recording them in Notes followed by password-protecting them.
     
  16. M. Gustave macrumors 68000

    M. Gustave

    Joined:
    Jun 6, 2015
    Location:
    Grand Budapest Hotel
    #16
    But then when you need a website password you have to open Notes, copy the pw, then paste it into Safari. How is that easier than Keychain auto-populating them for you?
     
  17. noanker thread starter macrumors member

    noanker

    Joined:
    Sep 30, 2015
    #17
    Personal preference. I use the keychain for some websites and for others, I use Notes. Some sites, such as banking and investment, are not recorded anywhere.
     

Share This Page