Trail of Bits

Standard Notes

Type: Security review
Client: Standard Notes
Date: 2020-03
Domain: Crypto
Effort: 1 wk
Section: Cryptography Reviews

Trail of Bits's security review of Standard Notes (Mar 2020) identified 4 issues: 1 medium and 3 informational.

Findings · 4

  1. Small, insecure passwords are allowed when users change passwords (Medium)
  2. Secrets remain in memory for undetermined amount of time (Informational)
  3. Timing information on root key comparison could leak part of root key (Informational)
  4. Keys.offline.pw value not cleared in migrateStorageStructureForMobile (Informational)

Findings extracted from the published report PDF. See the full report below for details and remediation.
