
Credits

Original idea and code: Ilya O. Levin
AES JavaScript: Chris Veness
SHA-1 JavaScript: Paul Johnston

Contact us

You may send us your comments, requests and suggestions by e-mail to:

For spam and junk mail please send these to root@127.0.0.1

About Spynote

Technical Details

This is a brief description of how Spynote works.

Two values, id and key, are computed from your user name u and password p as follows:

id := SHA1(BitToHex(SHA1(u || p)) || p)
key := SHA1(u || BinToBase64(SHA1(p || u)))

The value id is the note identifier, and the value key is raw key material from which the AES encryption key is derived.

When you save a note, it is encrypted into a blob using AES-128 in CTR mode, with key as the key and the current timestamp as the counter. The encrypted blob and id are sent to the server and stored there as {SHA1(id), blob}.

When you load a note, the server finds the blob tagged with SHA1(id) and sends it back to your browser, where the blob is decrypted using key.

As you can see, the key material never leaves your browser, and the encryption key is neither transmitted over the network nor shared with the server.

Even if an eavesdropper has id, he cannot reconstruct key without recovering u and p. Unless there is a pre-image attack on the SHA-1 hash function (and no such attack exists), only a simultaneous dictionary/brute-force attack on both u and p is available.

Having a user name and password of proper quality makes the attack practically impossible. This is why you must avoid using very simple or obvious credentials.