Has Joplin been audited?

I'm wondering if Joplin has ever done a third-party security audit of the application, particularly with regard to its encryption. I've been thinking of switching from another notes application which uses E2EE, but I couldn't seem to find much information on whether or not Joplin has been audited, since I'm looking into the possibility of syncing it with a Nextcloud provider.

If it hasn't been audited, does anyone have an idea of how risky it would be to rely on Joplin's encryption? And are there any alternatives to using Joplin's built-in encryption feature? (For example, maybe there's a way to do it using Cryptomator?)

Yes, it was audited a few years ago: https://www.patreon.com/posts/joplin-informal-35719724. And more recently by a government agency, without any major vulnerability being found.

The only known issue is that we use AES-128 while AES-256 would be preferable, and we are planning to upgrade this soon.

Would you have a link for that?

Is there an ETA on that?

Thanks in advance! :smiley:

> Is there an ETA on that?

Recently released, Joplin desktop 2.11.11 and mobile 12.11.5 and newer encrypt using AES-256.