Secure by design
Security has been the primary driving factor for the design of Mimiri Notes from the beginning.
Below is a series of highlights describing the security employed by Mimiri Notes as concisely as possible.
If you are interested in a more in-depth exploration of the security design of Mimiri Notes, one of our founders has written a lengthy blog post on the topic on his personal blog
Below is a series of highlights describing the security employed by Mimiri Notes as concisely as possible.
If you are interested in a more in-depth exploration of the security design of Mimiri Notes, one of our founders has written a lengthy blog post on the topic on his personal blog
Encryption
- All data is encrypted before it leaves your device
- All data is encrypted before it is written to persistent storage on your device
- The encryption algorithm used is AES-GCM-256
- IVs are randomly generated and never reused (also sometimes referred to as a nonce)
- All random data used is cryptographically strong random data
- Your primary AES key is derived directly from your password using PBKDF2-SHA5121
- All communication between client and server is performed over HTTPS
Authentication
- Your password never leaves your device
- On account creation a secret is derived from your password using PBKDF2-SHA5121 and shared with the server
- On account creation a public key (4096 bit RSA) is shared with the server
- Log in is performed using a challenge-response model, where the user proves knowledge of the password without sharing the password with the server. (see more)
- The server issues a challenge consisting of the username, a timestamp and some random data
- The server then shares the challenge with the client
- The client uses the shared secret as a key in HMAC-SHA512 to compute a response from the challenge
- The server then performs the same calculation and compares it with the client's response
- If client and server both arrive at the same result, the client is authenticated
- The server then deletes the challenge, ensuring that no replay attack can be performed
- All subsequent requests to the server are signed and verified using the public key previously shared with the server
- The server does not maintain a session and only processes correctly signed requests
- All requests are tagged with a timestamp and an ID to prevent replay attacks
Local security
- The application is invisible to screen sharing tools by default to prevent accidental sharing
- Passwords in text notes can be obfuscated to prevent exposure when visible on your monitor
- When the application is minimized/suspended for more than one minute, lightweight authentication is required to restore access (see more)
- This is done to limit the window of opportunity if someone gains physical access to your otherwise unlocked device
- When available, biometrics are used, otherwise, a short pin code with only one attempt is used
- Failed lightweight authentication causes reversion to full authentication
Open source
- Mimiri Notes is fully open source and released under GPL v2.0 (both client and server)
- We see no way that real security can exist if the inner workings of the product are obscured
- Open source forces us to remain true to the mission
- Open source makes it impossible to hide backdoors in the code
- Open source allows the community to discover vulnerabilities and for those vulnerabilities to be addressed earlier than any closed source product ever could
- You are free and able to self-host Mimiri Notes if you do not trust us to keep your data safe
- You are free and able to build Mimiri Notes from source if you do not trust us to build your binaries
- You are free and able to fork Mimiri Notes should you find that we are not delivering on our promises