Encryption in DevonThink

When I create an encrypted database, is Devonthink implementing AES256 or is it using the MAC’s disk utility? (I read an article about backdoors that many encryption programs have and got paranoid)

Page 11 of the current DEVONthink 3.8 Documentation

Encrypted Databases: If you have databases containing sensitive or private information, you can create an encrypted database. This is specialized AES-256 encrypted disk image that will not appear in the Finder or your desktop when it’s open.

1 Like

so?

You asked whether DT is implementing AES256. I responded with a section from the handbook which says that DT is implementing AES256.

And, as they say, is not an interrogative. I believe the same is valid for so.

1 Like

Ah ok, I get it. But I was wondering if Devonthink implements AES256 by itself, reasoning that, since I trust DevonThech, I can rest assured that it doesn’t contain a backdoor.

Right, now I understand. I think @cgrunenberg would probably have to answer that.

Being paranoid myself, I fear that irrespective of who has implemented it, you have a choice of two bad options: they have completely worked encryption from scratch by themselves - you can be sure there is no backdoor if you trust them, but correct implementation of encryption requires in-depth specialist knowledge, and mistakes happen. Or they use available libraries which may make correct implementation more likely, but could contain backdoors.

Just so as there are no misunderstandings: I trust DEVONtech and their work. At the same time, I believe that today’s encryption is tomorrow’s data - I assume that technological advances will lead to what is currently difficult to crack being simple to access. As such, I have a subset of data which will never be synced via any structure which I don’t have control over (think, for example, data which would put me in jeopardy with regards data protection legislation, but also data which would help others pursue identity theft).

So, stay a little paranoid. Says the random person in the internet who has no training in these matters.

1 Like

Ah I’m glad, it’s always a pleasure to meet another paranoid, we always understand each other. Yes I agree with you, the technology of tomorrow will change the meaning of what it is today. The point is that if I can feel comfortable that the current calculation capacity of a supercomputer will take centuries to decipher my data, in the same way I feel comfortable if the technology will be able to do the same job in 10 seconds, but in 50 years, when I will probably pass away and I will not care about my data (or even before if I will become demented and indifferent). In any case, I’d like to know from DevonTech how they use AES256 (their own implementation that they vouch for or an audited library)

The best thing to do is play with a test database.

As far as I can tell, the encryption is done by the Mac OS. An encrypted database is an encrypted, sparse, disk image. If you rename an encrypted DT database from something.dtSparse to something.dmg, a double click (and the password) will mount it in the Finder.

One thing to be aware of - when you import a database you have the option of importing encrypted or unencrypted. An unencrypted import of a database to your laptop that was encrypted on your desktop will be unencrypted on your laptop.

That’s a decision you make on the new import from a sync store. After that, the encryption option you chose sticks with the database.

5 Likes

@Amontillado is correct in how an encrypted database in DEVONthink is created.
But no, there’s no back door.

Well, you would say that, wouldn’t you? :crazy_face: But for the OP (and anybody else, actually) the question then comes down to “do I trust Apple’s implementation of encrypted volumes?” Seeing as there has been significant political pressure brought to bear on companies, Apple still doesn’t encrypt all its iCloud offerings in a fashion which would prohibit access to all but the user, and they forgot to tell people about Siri storing recordings for them to be listened to by human operators, I don’t find the idea of a degree of mistrust totally abstruse.

2 Likes

In the end you always have to trust the creator of the hardware and especially of the operating system. Each component could easily monitor, collect or share your data theoretically (and therefore make encryption somewhat useless).

4 Likes

I like Devonthink’s approach to encrypted databases. It should keep them out of court if black hats use DT databases, which, of course, is a nightmare scenario. The idea of the power of Devonthink in evil hands - America could have fallen if J. Edgar had Devonthink instead of cardboard boxes for his beloved secret files!

1 Like

Honestly, if someone doesn’t trust Apple but uses any Google-owned service including Chrome (ugh!), Facebook/Instagram, Twitter, etc. they have far worse things to be worried about.

:slight_smile:

11 Likes

now it’s clear to me: more than in Devonthink, the point is to trust Apple

Whilst I still think a cautious level of distrust is a good thing, if you don’t trust the maker of your operating system, you have lost - the OS must have access to everything, and so could, in theory, be disseminating your data left, right and center. Sleep well :smiley:

3 Likes

my residual worries by now are theoretical, philosophical I would say

Well, there’s always the airgap option, tedious though it is.

(For less paranoid readers of the thread, an airgapped system is one with no external connections of any kind. If it can’t communicate with other systems, it can’t share your data even if it wants to. Which obviously makes it a bit inconvenient to use, too.)

2 Likes

I look at it as a risk vs. benefits scenario. You could “air gap” your computers or set up some super-fancy computer security measures inspired by In Stephenson’s Cryptonomicon. Maybe you could design the OS yourself. But, even if I had such skills, I definitely don’t have the time, so I tend to work with what I’ve got on hand to accomplish the other stuff I want to do.

In my experience, Apple provides better privacy and security than Windows with much less fuss, so the OS decision is pretty straightforward (it’s an old debate with adamant defenders on both sides). And, once you are within the Appleverse, DEVONthink provides the best privacy and security of any personal information management software, so the decision to use it is pretty easy as well.

Of course, we have to trust that Apple and DT wouldn’t risk their reputations to somehow gain access (or inadvertently allow others to gain access) to our data, but it seems like a small risk to take for the data I have. I don’t expect encryption to be much use a few years down the line, especially with the wild reports I hear about quantum computers, but it is the best thing consumers have on hand, and DEVONthink seamlessly implements it, so I haven’t got any complaints.

One option for the paranoid DT user is to avoid the cloud entirely and sync via Bonjour. It’s awesome that DT provides this option, and I have used it with great success in the past, especially when I know I will be away from the Internet for a while.

2 Likes

The other thing to consider, of course, is your personal risk profile. If you (or your friends) uncover political corruption in authoritarian states, then probably the stakes are a lot higher than if you simply want to keep your kids from reading your unpublished manuscript.

8 Likes

It was a major reason I embarked on a trial of DT; it was one of many reasons I stayed. I could not use DT the way I do without Bonjour sync.

2 Likes