Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

noanker

macrumors regular
Original poster
Sep 30, 2015
133
101
Question: Does locking a Note with a password encrypt it in any way? If encrypted, any idea as to the encryption used?

Tried looking quickly on the Apple website for more info but came up empty.

Reason behind question: I use Notes to store some ID & passwords and was curious if this is the best place to do so??
 
Question: Does locking a Note with a password encrypt it in any way? If encrypted, any idea as to the encryption used?

Tried looking quickly on the Apple website for more info but came up empty.

Reason behind question: I use Notes to store some ID & passwords and was curious if this is the best place to do so??

If Safari is the browser you use, then you should store them there.

Settings > Safari > Passwords
 
If Safari is the browser you use, then you should store them there.

Settings > Safari > Passwords

The Notes app is far easier to add and edit than viewing it in Safari which is not an acceptable solution.
I'm looking for what type encryption, if any, is used when locking Notes.
 
It's as secure as the password you choose!

My passwords are typically mixed alpha-numeric, upper and lower case and no less than 15 characters in length.
But you still fail to provide an answer as to the encryption Notes uses....
 
128-bit AES encryption

But again that is only as secure as your password ;)
 
128-bit AES encryption

But again that is only as secure as your password ;)

Gav2k,
;)

Well, in looking for details on what type of encryption is utilized by Notes, I found Apple's very own, über-useful iOS Security Guide online. In it, I found the excerpt below regarding Notes' encryption.

AES-GCM is listed as being in NSA's Suite B cryptography:cool:

Secure Notes
The Notes app includes a Secure Notes feature that allows users to protect the contents of specific notes. Secure notes are encrypted using a user-provided passphrase that is required to view the notes on iOS, OS X, and the iCloud website. When a user secures a note, a 16-byte key is derived from the user’s passphrase using PBKDF2 and SHA256. The note’s contents are encrypted using AES-GCM. New records are created in Core Data and CloudKit to store the encrypted note, tag, and initialization vector, and the original note records are deleted; the encrypted data is not written in place. Attachments are also encrypted in the same way.

Supported attachments include images, sketches, maps, and websites. Notes containing other types of attachments cannot be encrypted, and unsupported attachments cannot be added to secure notes. iOS Security—White Paper | May 2016 25 When a user successfully enters the passphrase, whether to view or create a secure note, Notes opens a secure session. While open, the user is not required to enter the passphrase, or use Touch ID, to view or secure other notes. However, if some notes have a different passphrase, the secure session applies only to notes protected with the current passphrase.

The secure session is closed when the user taps the Lock Now button in Notes, when Notes is switched to the background for more than three minutes, or when the device locks. Users who forget their passphrase can still view secure notes or secure additional notes if they enabled Touch ID on their devices. In addition, Notes will show a user-supplied hint after three failed attempts to enter the passphrase. The user must know the current passphrase in order to change it.

Users can reset the passphrase if they have forgotten the current one. This feature allows users to create new secure notes with a new passphrase, but it will not allow them to see previously secured notes. The previously secured notes can still be viewed if the old passphrase is remembered. Resetting the passphrase requires the user’s iCloud account passphrase.
 
  • Like
Reactions: Benjamin Frost
Question: Does locking a Note with a password encrypt it in any way? If encrypted, any idea as to the encryption used?

Tried looking quickly on the Apple website for more info but came up empty.

Reason behind question: I use Notes to store some ID & passwords and was curious if this is the best place to do so??


Maybe OneNote might be a better alternative?

Ps: I've not read all the other replies...
 
Maybe OneNote might be a better alternative?

Ps: I've not read all the other replies...

You might want to take a few minutes to peruse the rest of the thread. I managed to find some really good info which answered my original question and posted it.

I try, when at all possible, to use Apple's programs if they fit my requirements. Having looked at the encryption they're using, I'm quite pleased. I've been going through my online accounts, changing passwords and recording them in Notes followed by password-protecting them.
 
  • Like
Reactions: ivanwi11iams
But then when you need a website password you have to open Notes, copy the pw, then paste it into Safari. How is that easier than Keychain auto-populating them for you?

Personal preference. I use the keychain for some websites and for others, I use Notes. Some sites, such as banking and investment, are not recorded anywhere.
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.