Secure by design
Security has been the primary driving factor for the design of Mimiri Notes from the beginning.
Below is a series of highlights describing the security employed by Mimiri Notes as concisely as possible.
If you are interested in a more in-depth exploration of the security design of Mimiri Notes, one of our founders has written a lengthy blog post on the topic on his personal blog.

Encryption
- All data is encrypted before it leaves your device
- All data is encrypted before it is written to persistent storage on your device
- The encryption algorithm used is AES-GCM-256
- IVs (also sometimes referred to as nonces) are randomly generated and never reused
- All random data used is cryptographically strong random data
- Your primary AES key is derived directly from your password using PBKDF2-SHA512
- All communication between client and server is performed over HTTPS

Authentication
- Your password never leaves your device
- On account creation a secret is derived from your password using PBKDF2-SHA512 and shared with the server
- On account creation a public key (4096 bit RSA) is shared with the server
- Log in is performed using a challenge-response model, where the user proves knowledge of the password without sharing the password with the server:
  - The server issues a challenge consisting of the username, a timestamp and some random data
  - The server then shares the challenge with the client
  - The client uses the shared secret as a key in HMAC-SHA512 to compute a response from the challenge
  - The server then performs the same calculation and compares it with the client's response
  - If client and server both arrive at the same result the client is authenticated
  - The server then deletes the challenge, ensuring that no replay attack can be performed
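The login exchange described in the steps above, as an added example that is not Mimiri Notes' own code. The iteration count, salt handling, challenge layout, challenge lifetime and the choice to delete the challenge on failed attempts as well are assumptions; the page specifies none of them.

```python
import hashlib, hmac, secrets, time

PBKDF2_ITERATIONS = 210_000  # assumed; the page gives no iteration count
CHALLENGE_TTL = 30           # assumed challenge lifetime in seconds

def derive_secret(password: str, salt: bytes) -> bytes:
    """Secret shared with the server, derived with PBKDF2-SHA512."""
    return hashlib.pbkdf2_hmac("sha512", password.encode(), salt, PBKDF2_ITERATIONS)

def respond(secret: bytes, challenge: bytes) -> bytes:
    """Client side: HMAC-SHA512 over the challenge, keyed with the shared secret."""
    return hmac.new(secret, challenge, hashlib.sha512).digest()

class Server:
    def __init__(self):
        self.shared = {}   # username -> secret received at account creation
        self.pending = {}  # username -> (challenge, issued_at)

    def register(self, username: str, secret: bytes) -> None:
        self.shared[username] = secret

    def issue_challenge(self, username: str, now=None) -> bytes:
        now = time.time() if now is None else now
        # Assumed layout: username | timestamp | 32 random bytes (hex)
        challenge = f"{username}|{int(now)}|{secrets.token_hex(32)}".encode()
        self.pending[username] = (challenge, now)
        return challenge

    def verify(self, username: str, response: bytes, now=None) -> bool:
        now = time.time() if now is None else now
        # pop() removes the challenge on every attempt, so a captured
        # response can never be presented a second time.
        entry = self.pending.pop(username, None)
        if entry is None or username not in self.shared:
            return False
        challenge, issued_at = entry
        if now - issued_at > CHALLENGE_TTL:
            return False
        expected = respond(self.shared[username], challenge)
        return hmac.compare_digest(expected, response)  # constant-time compare

def demo():
    """Constructed run: one valid login, then a replay of the same response."""
    secret = derive_secret("constructed-sample-password", secrets.token_bytes(16))
    server = Server()
    server.register("alice", secret)
    response = respond(secret, server.issue_challenge("alice"))
    return server.verify("alice", response), server.verify("alice", response)
```

`demo()` returns `(True, False)`: the first response authenticates, and the replayed one is rejected because the challenge no longer exists on the server.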
- All subsequent requests to the server are signed and verified using the public key previously shared with the server
- The server does not maintain a session and only processes correctly signed requests
- All requests are tagged with a timestamp and an ID to prevent replay attacks

Local security
- The application is invisible to screen sharing tools by default to prevent accidental sharing
- Passwords in text notes can be obfuscated to prevent exposure when visible on your monitor
- When the application is minimized/suspended for more than one minute, lightweight authentication is required to restore access:
  - This is done to limit the window of opportunity if someone gains physical access to your otherwise unlocked device
  - When available, biometrics are used; otherwise, a short PIN code with only one attempt is used
  - Failed lightweight authentication causes reversion to full authentication

Open source
- Mimiri Notes is fully open source and released under GPL v2.0 (both client and server)
- We see no way that real security can exist if the inner workings of the product are obscured
- Open source forces us to remain true to the mission
- Open source makes it impossible to hide backdoors in the code
- Open source allows the community to discover vulnerabilities and for those vulnerabilities to be addressed earlier than any closed source product ever could
- You are free and able to self-host Mimiri Notes if you do not trust us to keep your data safe
- You are free and able to build Mimiri Notes from source if you do not trust us to build your binaries
- You are free and able to fork Mimiri Notes should you find that we are not delivering on our promises