Plaintext (un-encrypted!) data potentially stays on disk

[josephernest]

Hi,
I've been working on a similar project, but here is a problem that I faced, and it seems to be present in your code as well:

https://github.com/aviaryan/SublimeNotebook/blob/master/sublime_notebook/cryptlib.py#L112

and

https://github.com/aviaryan/SublimeNotebook/blob/master/sublime_notebook/sublime_notebook.py#L55

When you overwrite the unencrypted data with crypted data, you are not sure that the OS or the HDD/SSD hardware writes it at the same place on the disk, on the same blocks / sectors of the disk.

Result: the unencrypted data (plain text) can stay on your disk, and be easily recovered with a simple Undelete tool / HEX viewer. A software like Recuva and wxHexEditor will be able to see your files without the master password...

What do you think? I've been thinking about this problem for a long time too!

[aviaryan]

You are right. But I never took this issue too seriously. Encryption in SublimeNotebook or VSCodeNotebook is only meant to protect your sensitive documents from regular people like your friends and family who manage to peek/use your computer once in a while.

If you are syncing the note files to Dropbox, Dropbox stores file histories too. So if Dropbox is hacked, you are still at risk. But having your Dropbox hacked is a big risk anyway because people keep all kinds of private documents in there.

If we do want to solve this problem, however, the simplest way is to always save the file encrypted.

1. When the user wants to edit a note, the file is decrypted in memory and the text is replaced in Sublime Text (so the file is in unsaved mode).
2. The user edits the note.
3. When the user hits save, a plugin triggers first, it takes the note and encrypts it, and saves it in encrypted form.

The above flow can be made more user-friendly if plugin takes more control over Sublime Text but you get my point.

---

Is this your similar project?

[josephernest]

Thanks for your answer!

You are right. But I never took this issue too seriously. Encryption in SublimeNotebook or VSCodeNotebook is only meant to protect your sensitive documents from regular people like your friends and family who manage to peek/use your computer once in a while.

Yes, I agree, for this it's totally OK.

If we do want to solve this problem, however, the simplest way is to always save the file encrypted.
When the user wants to edit a note, the file is decrypted in memory and the text is replaced in Sublime Text (so the file is in unsaved mode).
The user edits the note.
When the user hits save, a plugin triggers first, it takes the note and encrypts it, and saves it in encrypted form.
The above flow can be made more user-friendly if plugin takes more control over Sublime Text but you get my point.

Exactly, I totally agree with this. I was thinking about writing a plugin to do exactly this. If you're interested, ping me via email (see contact in website below).

I think it can be done with on_pre_save: https://stackoverflow.com/questions/43279931/perform-action-before-save-on-pre-save

Is this your similar project?

No, it's this:
https://illdoitlater.xyz/t/freetext
(website not properly launched yet, still in progress :) )

[aviaryan]

Exactly, I totally agree with this. I was thinking about writing a plugin to do exactly this. If you're interested, ping me via email (see contact in website below).

Thanks. I am not working on this atm because it is not critical + busy with other things. I will contact you if this changes. 😄