How are notes stored on the server? All notes are encrypted in the client with the AES algorithm. After the note has been encrypted, it is sent to the server and stored on disk.
How secure is AES encryption? Blowfish was designed by cryptographer Bruce Schneier as an alternative to DES. Currently, there has not been a practical attack on the Blowfish cipher. Blowfish was chosen due to its fast performance in software and its flexibility in key lengths.
How can I send my note? After a note has been created, you will be given a random and unique link that you can send to your intended recipient. You could then send this link via email or instant message. Further, a QR code is generated that you can scan with a mobile device. This also allows you to send the link easily via text message, or any other communication tool that may be installed on the mobile device.
How do I undo sending a note? If you suspect that you have sent the note to the wrong person, have sent the note prematurely, or just sent the wrong data, you can destroy the note by just visiting the link. Once the note has been viewed, the note is destroyed, and will no longer be available.
Can I send a note to multiple recipients? No, you cannot. This web application is designed for single viewing only. If you want to send a note to multiple recipients, then you must create multiple notes, one for each person.
How secure is the shared password on the server? The security of the shared password on the server is determined by the system administrator running this application. This application should run with only root and web software privileges. No other user on the system needs to see the document root of the d-note application.
How secure is the private password? Because the note encryption is symmetric cryptography, anyone with the encryption key can decrypt the note and view its contents. As such, it is critical that the private key be kept private, shared only between the sender and the recipient.
Why am I forced to use JavaScript? Data is encrypted client-side using the Crypt-JS library, so JavaScript must be enabled.
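The flow described in the answers above (encrypt on the client with a key only sender and recipient hold, store ciphertext on the server, hand out a random link, destroy the note on first view) can be sketched as follows. This is an added example, not d-note's own code: it uses Node's built-in `crypto` module instead of the Crypt-JS library, and the AES-256-GCM mode, scrypt key derivation, in-memory store, and the names `encryptNote`, `decryptNote`, `NoteStore` and `demo` are all assumptions made for illustration.

```javascript
// Added example: read-once encrypted note flow (not d-note's own code).
const crypto = require('crypto');

// "Client" side: derive an AES-256 key from the private password and encrypt.
// AES-GCM and scrypt are assumptions; the page only says "AES".
function encryptNote(plaintext, password) {
  const salt = crypto.randomBytes(16);
  const iv = crypto.randomBytes(12);
  const key = crypto.scryptSync(password, salt, 32);
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  const body = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return Buffer.concat([salt, iv, cipher.getAuthTag(), body]); // 16 | 12 | 16 | n bytes
}

function decryptNote(blob, password) {
  const salt = blob.subarray(0, 16), iv = blob.subarray(16, 28);
  const tag = blob.subarray(28, 44), body = blob.subarray(44);
  const key = crypto.scryptSync(password, salt, 32);
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, iv);
  decipher.setAuthTag(tag);
  // final() throws if the password is wrong or the stored blob was altered.
  return Buffer.concat([decipher.update(body), decipher.final()]).toString('utf8');
}

// "Server" side: holds ciphertext only, keyed by an unguessable link token.
// A Map stands in for the on-disk storage the page describes.
class NoteStore {
  constructor() { this.notes = new Map(); }
  put(blob) {
    const token = crypto.randomBytes(16).toString('base64url'); // 128-bit link token
    this.notes.set(token, blob);
    return token;
  }
  // Fetch and destroy in one step, so a second visit to the link gets nothing.
  take(token) {
    const blob = this.notes.get(token);
    this.notes.delete(token);
    return blob ?? null;
  }
}

// Constructed sample note and passwords, used only for this demonstration.
function demo() {
  const store = new NoteStore();
  const token = store.put(encryptNote('db password: constructed-sample', 'shared secret'));
  const first = store.take(token);   // recipient (or sender "undoing") views once
  const second = store.take(token);  // any later visit finds the note gone
  let wrongPasswordRejected = false;
  try { decryptNote(first, 'guess'); } catch { wrongPasswordRejected = true; }
  return { text: decryptNote(first, 'shared secret'), second, wrongPasswordRejected, tokenLength: token.length };
}
```

The store never sees the password or the plaintext, which is why the server-side answers above reduce to file permissions and administrator trust.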
How secure is my note really? Nothing is 100% secure. There are always tradeoffs. Even though I've gone to great lengths to protect your data by default, the system administrator running this application on his server might be careless, or even malicious. As such, if possible, you should host this application on your own web server. Further, you probably should not put all of your eggs in one basket. It is best practice to send usernames to the recipient via one method, and passwords via another. That way, it could be difficult for a single person to collect all of the necessary data. Lastly, if this application is not served over SSL, then packets could be sniffed off the wire, and the contents of the note revealed in plaintext.
Are there any backdoors? No. There are no backdoors in the default source code. Because this application is Free and Open Source Software, you are free to download and examine the source code yourself, and determine if any backdoors exist.
Are you sharing my data with the NSA, MI6, KGB, etc.? You will need to ask the administrator of the server running this site. There are no backdoors in the default source code, as already mentioned, and nothing is calling home. All network interaction, by default, is communicated strictly between your browser and this server.