VoodooPad Encryption Vulnerability
After Plausible Labs’ acquisition of VoodooPad, a cryptography audit was performed and VoodooPad’s document encryption implementation was found to use weak or improperly employed cryptographic primitives. The discovered issues include weak key derivation, use of known-weak ciphers, predictable RNG seeding, and improper IV re-use.
As a result, an attacker with access to an encrypted document may be able to decrypt the document’s contents without access to the original encryption password.
To resolve these issues, we’ve invested heavily in a complete redesign and rewrite of VoodooPad’s encryption implementation; as of VoodooPad 5.1.4:
- All VoodooPad releases now ship with an encryption implementation based on industry standards and best practices.
- VoodooPad will display a warning upon opening an insecurely encrypted document, and will optionally perform an in-place upgrade of the document’s encryption.
- We have published complete technical specifications documenting VoodooPad’s new encryption implementation; refer to “Additional Resources” below.
Due to the sweeping implementation changes that were required in VoodooPad’s document storage:
- Encrypted documents produced in VoodooPad 5.1.4 and later will not be readable in earlier releases of VoodooPad.
- We are initially releasing VoodooPad 5.1.4 as a public beta to allow for further testing while allowing affected customers to upgrade immediately. We do recommend that affected customers upgrade now.
Common Questions
I’m a VoodooPad user but I don’t use encryption. I didn’t even know VoodooPad had encryption! Do I have anything to worry about?
Nope! This issue only applies to documents using encryption.
I have some encrypted VoodooPad documents. How could this impact me?
Unfortunately, anyone that is able to gain access to your VoodooPad-encrypted documents can potentially decrypt any document that was encrypted with a previous VoodooPad release, even if they do not know the document password.
When using a cloud file or backup service, encrypted VoodooPad documents could be decrypted by anyone with access to your account (including the cloud service provider).
For documents stored locally on your computer, an attacker would require access to your computer, or access to your local files via another means — such as unencrypted backups.
OK — So how do I secure my documents?
The first step is to upgrade to the VoodooPad 5.1.4 Beta release. If you’re a Mac App Store customer, you’ll need to download the beta from the provided link instead of the App Store, but you won’t need to purchase a separate license. If you are an iOS user, reading securely encrypted documents will also require VoodooPad 5.1.4 for iOS, available as a free upgrade via the App Store.
Next, open your encrypted documents (or documents containing encrypted pages) with VoodooPad 5.1.4 on Mac OS X — VoodooPad will offer to upgrade the documents immediately in-place. An unmodified copy of your document will also be placed in the Trash — you may wish to empty the trash after you’ve verified that your document has been upgraded successfully.
Lastly, be aware that cloud services like Dropbox may store backup copies of files, and those backups may include an insecurely encrypted version of your document. You can request that Dropbox permanently delete a file, but just to be safe, we recommend saving a local backup of the file on your own computer first.
What if I’m using VoodooPad 4 or earlier?
Previous releases of VoodooPad used a different design for document and page encryption; unfortunately, this was also found to use weak or improperly employed cryptographic primitives. We recommend that all customers upgrade to VoodooPad 5.
Discounted upgrade pricing is available to direct-purchase customers via the Plausible Store. For Mac App Store customers, Apple does not support discounted upgrade pricing via the Mac App Store – if you previously purchased VoodooPad 4 through the Mac App Store, please contact us directly to arrange for upgrade pricing.
Additional Resources
We’ve published additional technical details on the design and implementation of VoodooPad 5.1.4’s document encryption, including:
- VoodooPad Cryptography Overview – A high-level technical overview of how VoodooPad utilizes cryptography and the overall design of VoodooPad’s document encryption.
- VoodooPad Cryptography Specification – The concrete specification of VoodooPad’s document encryption, including file formats, keying, ciphers, algorithms, and parameters.
- VoodooPad Encrypt-then-MAC AEAD Specification – Defines VoodooPad’s ETM-AEAD composition of AES-CBC, PKCS#7, and HMAC used for all authenticated encryption.