128-bit AES encryption
But again that is only as secure as your password
Gav2k,
Well, in looking for details on what type of encryption is utilized by Notes, I found Apple's very own, über-useful iOS Security Guide online. In it, I found the excerpt below regarding Notes' encryption.
AES-GCM is listed as being in NSA's Suite B cryptography
Secure Notes
The Notes app includes a Secure Notes feature that allows users to protect the contents of specific notes. Secure notes are encrypted using a user-provided passphrase that is required to view the notes on iOS, OS X, and the iCloud website. When a user secures a note, a 16-byte key is derived from the user’s passphrase using PBKDF2 and SHA256. The note’s contents are encrypted using AES-GCM. New records are created in Core Data and CloudKit to store the encrypted note, tag, and initialization vector, and the original note records are deleted; the encrypted data is not written in place. Attachments are also encrypted in the same way.
Supported attachments include images, sketches, maps, and websites. Notes containing other types of attachments cannot be encrypted, and unsupported attachments cannot be added to secure notes. iOS Security—White Paper | May 2016 25 When a user successfully enters the passphrase, whether to view or create a secure note, Notes opens a secure session. While open, the user is not required to enter the passphrase, or use Touch ID, to view or secure other notes. However, if some notes have a different passphrase, the secure session applies only to notes protected with the current passphrase.
The secure session is closed when the user taps the Lock Now button in Notes, when Notes is switched to the background for more than three minutes, or when the device locks. Users who forget their passphrase can still view secure notes or secure additional notes if they enabled Touch ID on their devices. In addition, Notes will show a user-supplied hint after three failed attempts to enter the passphrase. The user must know the current passphrase in order to change it.
Users can reset the passphrase if they have forgotten the current one. This feature allows users to create new secure notes with a new passphrase, but it will not allow them to see previously secured notes. The previously secured notes can still be viewed if the old passphrase is remembered. Resetting the passphrase requires the user’s iCloud account passphrase.
