Topic

Examples of Use

There are many note-taking applications, but this is useful if you want to encrypt some of your text.
For example, it can be used for password management.

For an example of password management with Notion, please see the following blog.

Password Management with Notion

How to manage passwords using Notion. Passwords are stored in encrypted form.

View Details

Structure

Encryption and decryption are performed by the user's browser, and no data is sent to the server.
Encrypted data is included in the parameters of the decryption URL.

https://tc.chigusa-web.com/en/dec?v=1.0&txt=encrypted data
TXT-Crypter encryption/decryption process is similar to the Evernote text encryption.

Evernote

What type of encryption does Evernote use?

View Details

This service uses "PBKDF2" to generate an AES key from the passphrase entered by the user.
A random salt is passed through the HMAC/SHA-256 hash function 100,000 times. (The number of iterations can be specified.)
It is encrypted by AES using the AES key and initial vector.

💡
When Evernote encrypts text, it stores the encrypted data in the note.
(Salt, initial vector, cipher data, etc.)
This service is the same in that it can be decrypted by entering a passphrase.
TXT-Crypter Evernote
Key generation PBKDF2 PBKDF2
Number of iterations 100,000 times or more 50,000 times
Encryption AES - 256bit AES - 128bit

Security

Basically, keep the decryption URL in a place that only you can access.
If the URL is not known to others, it cannot be decrypted illegally.

Even if the decryption URL is known to others, it cannot be decrypted without knowing the passphrase.

💡
Never use a passphrase that is easily guessed.
Attackers conduct brute force and dictionary attacks.
Note that a simple passphrase can be illegally decrypted.

This service discloses a manual decryption method. (Of course, a passphrase is required.)
This is to avoid the possibility that this service may become unavailable and decryption may not be possible.

On the other hand, you may be concerned about unauthorized decryption.
Even if the passphrase is not easy to guess, consider whether it can be breached by brute force.

💡
What is a round-robin?
Take, for example, a 4-digit dial lock.
Since there are only 10,000 patterns from 0000 to 9999, even if you forget your PIN, you will be able to open it someday by trying to dial the numbers in sequence.

If you input 8-digit passphrase consisting of letters (upper and lower case) + numbers + 32 symbols, there are 6,095,689,385,410,816 patterns (94 characters to the 8th power).
On my PC (Core i5 11th generation), with a default iteration count of 100,000, each encryption took roughly 800ms.
Assuming 2 attempts/sec for simplicity, only 172,800 attempts can be made per day.
Even if one were to attempt a total hit at this rate, it would take about 100 million years.

Since the above is the case even with 8 digits, further increase in the number of digits will result in a tremendous pattern.
Furthermore, increasing the number of iterations takes more time per decoding and more time per total.
In addition to the brute force of the passphrase, the attacker must also brute force the number of iterations.
At this point, I think we can be quite assured.

After reading this far, the possibility of unauthorized decryption is as close to zero as possible, but what if it is deciphered?
The text to be encrypted should not be a set of site name, ID, and password.
For example, only "passwords" should be used in a single encryption.
Even if the password is illegally decrypted and "only" the password is known, the attacker will not know which site it is for or what the ID is.

💡
Those familiar with encryption and decryption will know that "PBKDF2" is vulnerable to parallel processing.
Evernote has also adopted this and, as mentioned earlier, it will not be a problem if used correctly.
However, I am interested in Argon2. I may consider it in the future.

Manual decryption

In the unlikely event that this service becomes unavailable, you can still manually decrypt the file from the decryption URL.
Source code for decryption is available on GitHub.

TXT-Crypter-decryption

Data encrypted with TXT-Crypter can be manually decrypted.

View Details

Download decrypt.html and open it in your browser.

Enter the decryption URL in the URL, passphrase, number of iterations, and click the "decryption" button.
Once the correct information is entered, the decrypted text will be displayed.

💡
Source code for the decryption method is also provided.
This will not prevent you from decrypting.
Table of contents