Has Joplin been audited?

I'm wondering if Joplin has ever done a third-party security audit of the application, particularly in regards to its encryption. I've been thinking of switching from another notes application which uses E2EE but I couldn't seem to find much information on whether or not Joplin has been audited or not since I'm looking into the possibility of syncing it with a Nextcloud provider.

If it hasn't been audited, does anyone have an idea of how risky it would be to rely on Joplin's encryption? And are there any alternatives to using Joplin's built-in encryption feature? (For example, maybe there's a way to do it using Cryptomator?)

Yes it's been audited a few years ago: https://www.patreon.com/posts/joplin-informal-35719724 And more recently by a government agency without any major vulnerability being found.

The only known issue is that we use AES-128 while AES-256 would be preferable, and we are planning to upgrade this soon.


Would you have a link for that?

Is there an ETA on that?

Thanks in advance! :smiley:

Is there an ETA on that?

Recently released, Joplin desktop 2.11.11 and mobile 12.11.5 and newer encrypt using AES-256.

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.