How does encryption work?
When enabled, your data will be encrypted locally and in the cloud using a passphrase provided by you. This passphrase cannot be reset if forgotten.
Recollectr Premium optionally employs AES-GCM 256 bit encryption for all of your private data.
Each note has its own encryption key, which itself is encrypted using your account level key. All of the data necessary to recreate your account key, besides your passphrase, is securely stored and accessible only to yourself or someone who has your account password.
Is my encryption passphrase or key stored in the cloud?
Is my encryption passphrase or key stored locally?
No. At this time neither your passphrase nor your account key are stored locally. In the future we may introduce an option to store your account key locally in an encrypted state. For now, you will need to enter your passphrase on each startup.
How is my encryption key created from my passphrase?
Your account key is created locally using PBKDF2 with 200,000 iterations.
How is my encryption passphrase validated?
Your encryption passphrase is validated by comparing with a stored hash. The stored hash is created using Argon2id with the following parameters:
- Time cost: 10
- Memory cost: 32mb
- Parallel threads: 2