/note256

Here's the thing. As developers, we've constantly been working with some kind of credential data mess: host configurations, deployment options, backup copies of certificate keys, & so on. Then, we need it all to be privately available online - to share with colleagues, client tech admins or those freelance guys.

What is the way all this data is being stored in a real-world process, 95% of cases? Sad but true, I tell you: something in a plain text file on a host; [or] inside dropbox/gdocs shared doc; [or] even buried into an email archive ("I had sent you the SSH pass few months ago"). This can not be considered a secure approach by any means.

And what is «secure» in our cloud-era? It should mean that no authorized third party can physically access your data, even the storage host itself. We've seen stories where a bad guy or a malware code gained root access to servers and was able to bypass the «outside» security measures - because, you know, it's a root. Data can be considered secure if it's accessible on authenticated client premise ONLY - which means, an industry-grade client security endpoint has to be implemented in your browser. So we did it.

Why you'll need this tool?

Features

• convenient and usable low-distraction UI. Perfectly suited for configs and raw material.
• AES-256 (=years of decoding) for everything. MD5 hashes for content markers. No exceptions.
• everything works inside a browser, no installation, on almost any device (do these smart watches already have web broswer?)
• precise document-applied encryption. You can define a password for every piece of content.
• a workspace. Security measures are no option to leave comfort behind.
• Unicode and I18N friendly. 虎穴に入らずんば虎子を得ず。
• No third party code or stats or metrics or GTM or pixels or whatever.
• Full GDPR and CCPA compliance because we don't even know your data existed.
• all docs have a shared «panel side» which can be optionally encrypted separately
• documents have inner structure, easily modified via project list
• you may have as many separate secure document spaces as you wish, just change the project access key on the fly

Start using it

Just in case you missed the magic button:

We had added PWAT because we basically want to get new users and some buzz at this point. The service now features no ads at all, no hidden/paid features, everything is accessible right now «as is» for everyone, so a small tweet looks fair.

Year 2020 story

Guys and gals, i need to say that: we built some promising platform, which is now used by an amount of cool people - you, to be specific.

- - -

As for me, i keep some of my sensitive data inside Note256, you know. Of course. And during these years of service with Note256, once in a lifetime is has to happen: i forgot my master key for it. For my data. That small part of data i need now. Completely lost.

We are all humans after all. Ironic, isn't it :)

I spent some time, trying to reach my data, given the fact i have all backups, sources, possible time span analysis on the data timelines, exact signature check routines - that small part that ensures in your browser that everything is encoded and decoded properly. Everything. But here is the joke: when i built Note256, i really was into idea that security of our data should have NO slight compromise and NO possible workarounds in the data pipeline.

So here i am, sitting with a files that proven to be a white noise without proper keys. Even with the fact i know the exact internal structure and i am the author of this code.

* Your files are up and running, 100% intact, you can check it any time you want - no worries. That's just my story.

- - -

But now i'm 100% sure we have no even a slight hole in the platform. It will cost me another 3 or 4 months to restore all the material and data i have here, encrypted. Because without the key it's useless and now i'm sure with it, like never before.

I did some math. Given that i know my possible key length, symbols that i used in it, and imagine the fact that i possibly may brute-force it, for instance, with 100 000 000 checks per second (which is a _very_ optimistic approach if i use server farm that will cost me hundreds of $$$), that task still need roughly ~3 billion of CPU days.

Our life seems to be so short, when looking with such approach.

Anyway, treat this like a somehow sad, but a funny story :) I just wanted to share. 4 months of duplicate work is still a significally better option for me :)

* I once cracked the Microsoft Bitlocker algorithm, which is "unbreakable" y'know, just because a) my life was depending on it, literally and b) i knew how it operates to the bare metal, because i worked inside MSFT. That's i save for another story, maybe. On this exact case, despite being not the worst person in a world to write and break crypto code, i have no ideas and no magic for me.

Your data is bulletproof safe. Secure at its bare math core - and i mean it :D

- - -

Somewhere in background, i have ideas how to improve the platform to give it modern features and maybe modern look and feel (who is using jquery in 2020?), so eventually i'll give it a try. If you have bright ideas, feature requests, feel free to drop me a word in Twitter @note256 or any media you like.

Or just say cheers for my story :D It was nice experience for me.

Keep safe, stay home, rule the world.