1
0
Fork 0
mirror of https://github.com/HACKERALERT/Picocrypt.git synced 2024-12-30 19:32:33 +00:00

Minor improvements

This commit is contained in:
Evan Su 2022-07-15 23:32:56 -04:00 committed by GitHub
parent f247c1b5ad
commit 15b21f7336
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23

View file

@ -1,7 +1,7 @@
<p>English | <a href="/translations/french.md">Français</a> | <a href="/translations/spanish.md">Español</a> | <a href="/translations/german.md">Deutsch</a> | <a href="/translations/portuguese.md">Português</a> | <a href="/translations/turkish.md">Türkçe</a> | <a href="/translations/chinese.md">中文</a> | <a href="/translations/russian.md">русский</a> | <a href="/translations/hungarian.md">Magyar</a> | <a href="/translations/italian.md">Italiano</a> | <a href="/translations/persian.md">پارسی</a> | <a href="/translations/polish.md">Polski</a></p>
<p align="center"><img align="center" src="/images/logo.svg" width="512" alt="Picocrypt"></p>
Picocrypt is a very small (hence <i>Pico</i>), very simple, yet very secure encryption tool that you can use to protect your files. It's designed to be the <i>go-to</i> tool for encryption, with a focus on security, simplicity, and reliability. Picocrypt uses the secure XChaCha20 cipher and the Argon2id key derivation function to provide a high level of security, even from three-letter agencies like the NSA. It's designed for maximal security, making absolutely no compromises security-wise, and is built with Go's standard x/crypto modules. <strong>Your privacy and security is under attack. Take it back with confidence by protecting your files with Picocrypt.</strong>
Picocrypt is a very small (hence <i>Pico</i>), very simple, yet very secure encryption tool that you can use to protect your files. It's designed to be the <i>go-to</i> tool for encryption, with a focus on security, simplicity, and reliability. Picocrypt uses the secure XChaCha20 cipher and the Argon2id key derivation function to provide a high level of security, even from three-letter agencies like the NSA. It's designed for maximal security, making absolutely no compromises security-wise, and is built with Go's standard x/crypto modules. <strong>Your privacy and security are under attack. Take it back with confidence by protecting your files with Picocrypt.</strong>
<p align="center"><img align="center" src="/images/screenshot.png" width="318" alt="Picocrypt"></p>
@ -17,9 +17,9 @@ Picocrypt for Windows is as simple as it gets. To download the latest, standalon
If the executable above doesn't work, it likely means that your system doesn't support OpenGL. For this situation, I've provided an alternate implementation that will run on any Windows system, which you may download <a href="https://github.com/HACKERALERT/Picocrypt/releases/download/1.29/Picocrypt-NoGL.exe">here</a>.
## macOS
Picocrypt for macOS is very simple as well. Download Picocrypt <a href="https://github.com/HACKERALERT/Picocrypt/releases/download/1.29/Picocrypt.app.zip">here</a>, extract the zip file, and run Picocrypt which is inside. If you can't open Picocrypt because it's not from a verified developer, right click on Picocrypt and hit "Open". If you still get the warning, right click on Picocrypt and hit "Open" again and you should be able to start Picocrypt.
Picocrypt for macOS is very simple as well. Download Picocrypt <a href="https://github.com/HACKERALERT/Picocrypt/releases/download/1.29/Picocrypt.app.zip">here</a>, extract the zip file, and run Picocrypt which is inside. If you can't open Picocrypt because it's not from a verified developer, control-click on Picocrypt and hit "Open" to bypass the warning.
One thing to keep in mind is that Picocrypt on macOS requires Rosetta 2 and OpenGL, both of which are likely to be removed by Apple in the future. This means that Picocrypt may no longer run on macOS in the future as Apple pushes their own proprietary graphics and silicon. The solution? Don't buy Apple. They don't care about developers.
One thing to keep in mind is that Picocrypt on macOS requires Rosetta 2 and OpenGL, both of which are likely to be removed by Apple in the future. This means that Picocrypt may no longer run on macOS in the future as Apple pushes their proprietary graphics and silicon. The solution? Don't buy Apple. They don't care about developers.
## Linux
There are multiple ways to use Picocrypt on Linux. The recommended way is to install Picocrypt from a .deb <a href="https://github.com/HACKERALERT/Picocrypt/releases/download/1.29/Picocrypt.deb">here</a> (Debian 11+ and Ubuntu 20+). If the .deb doesn't suit your needs or you don't use a Debian-based distro, feel free to use the AppImage from <a href="https://github.com/HACKERALERT/Picocrypt/releases/download/1.29/Picocrypt.AppImage">here</a>. If neither of the options above work, you may install Picocrypt from Snapcraft, which should work on all distros. Find the instructions for Snapcraft <a href="https://snapcraft.io/picocrypt">here</a>.
@ -31,11 +31,11 @@ The Paranoid Pack is a compressed archive that contains executables for every ve
Why should you use Picocrypt instead of BitLocker, NordLocker, VeraCrypt, AxCrypt, or 7-Zip? Here are a few reasons why you should choose Picocrypt:
<ul>
<li>Unlike NordLocker, BitLocker, AxCrypt, and most cloud storage providers, Picocrypt and its dependencies are completely open-source and auditable. You can verify for yourself that there aren't any backdoors or flaws.</li>
<li>Picocrypt is <i>tiny</i>. While NordLocker is over 50MB and VeraCrypt is over 20MB, Picocrypt sits at just 2MB, about the size of a medium-resolution photo. And that's not all - Picocrypt is portable (doesn't need to be installed) and doesn't require administrator/root privileges.</li>
<li>Picocrypt is <i>tiny</i>. While NordLocker is over 50 MiB and VeraCrypt is over 20 MiB, Picocrypt sits at just 2 MiB, about the size of a medium-resolution photo. And that's not all - Picocrypt is portable (doesn't need to be installed) and doesn't require administrator/root privileges.</li>
<li>Picocrypt is easier and more productive to use than VeraCrypt. To encrypt files with VeraCrypt, you'd have to spend at least five minutes setting up a volume. With Picocrypt's simple UI, all you have to do is drag and drop your files, enter a password, and hit Start. All the complex procedures are handled by Picocrypt internally. Who said secure encryption can't be simple?</li>
<li>Picocrypt is designed for security. 7-Zip is an archive utility and not an encryption tool, so its focus is not on security. Picocrypt, however, is built with security as the number one priority. Every part of Picocrypt exists for a reason and anything that could impact the security of Picocrypt is removed. Picocrypt is built with cryptography you can trust.</li>
<li>Picocrypt authenticates data in addition to protecting it, preventing hackers from maliciously modifying sensitive data. This is useful when you are sending encrypted files over an insecure channel and want to be sure that it arrives untouched.</li>
<li>Picocrypt actively protects encrypted header data from corruption by adding extra Reed-Solomon parity bytes, so if part of a volume's header (which contains important cryptographic components) corrupts (e.g., hard drive bit rot), Picocrypt can still recover the header and decrypt your data with a high success rate. Picocrypt can also encode the entire volume with Reed-Solomon to prevent any corruption to your important files.</li>
<li>Picocrypt actively protects header data from corruption by adding extra Reed-Solomon parity bytes, so if part of a volume's header (which contains important cryptographic components) corrupts (e.g., hard drive bit rot), Picocrypt can still recover the header and decrypt your data with a high success rate. Picocrypt can also encode the entire volume with Reed-Solomon to prevent any corruption to your important files.</li>
</ul>
# Comparison
@ -46,7 +46,7 @@ Here's how Picocrypt compares to other popular encryption tools.
| Free |✅ Yes |✅ Yes |✅ Yes |🟧 Partially |✅ Yes |🟧 Partially |🟧 Partially |
| Open Source |✅ GPLv3 |✅ Multi |✅ LGPL |❌ No |✅ GPLv3 |❌ No |❌ No |
| Cross-Platform |✅ Yes |✅ Yes |❌ No |❌ No |✅ Yes |❌ No |❌ No |
| Size |✅ 2MB |❌ 20MB |✅ 2MB |✅ Included |❌ 50MB |❌ 60MB |🟧 8MB |
| Size |✅ 2 MiB |❌ 20 MiB |✅ 2 MiB |✅ Included |❌ 50 MiB |❌ 60 MiB |🟧 8 MiB |
| Portable |✅ Yes |✅ Yes |❌ No |✅ Yes |❌ No |❌ No |✅ Yes |
| Permissions |✅ None |❌ Admin |❌ Admin |❌ Admin |❌ Admin |❌ Admin |❌ Admin |
| Ease-Of-Use |✅ Easy |❌ Hard |✅ Easy |🟧 Medium |🟧 Medium |🟧 Medium |✅ Easy |
@ -65,9 +65,9 @@ While being simple, Picocrypt also strives to be powerful in the hands of knowle
<ul>
<li><strong>Password generator</strong>: Picocrypt provides a secure password generator that you can use to create cryptographically secure passwords. You can customize the password length, as well as the types of characters to include.</li>
<li><strong>Comments</strong>: Use this to store notes, information, and text along with the file (it won't be encrypted). For example, you can put a description of the file you're encrypting before sending it to someone. When the person you sent it to drops the file into Picocrypt, your description will be shown to that person.</li>
<li><strong>Keyfiles</strong>: Picocrypt supports the use of keyfiles as an additional form of authentication (or the only form of authentication). Not only can you use multiple keyfiles, but you can also require the correct order of keyfiles to be present for a successful decryption to occur. A particularly good use case of multiple keyfiles is creating a shared volume, where each person holds a keyfile, and all of them (and their keyfiles) must be present in order to decrypt the shared volume.</li>
<li><strong>Paranoid mode</strong>: Using this mode will encrypt your data with both XChaCha20 and Serpent in a cascade fashion, and use HMAC-SHA3 to authenticate data instead of BLAKE2b. This is recommended for protecting top-secret files and provides the highest level of practical security attainable. In order for a hacker to crack your encrypted data, both the XChaCha20 cipher and the Serpent cipher must be broken, assuming you've chosen a good password. It's safe to say that in this mode, your files are impossible to crack.</li>
<li><strong>Reed-Solomon</strong>: This feature is very useful if you are planning to archive important data on a cloud provider or external medium for a long time. If checked, Picocrypt will use the Reed-Solomon error correction code to add 8 extra bytes for every 128 bytes to prevent file corruption. This means that up to ~3% of your file can corrupt and Picocrypt will still be able to correct the errors and decrypt your files with no corruption. Of course, if your file corrupts very badly (e.g., you dropped your hard drive), Picocrypt won't be able to fully recover your files, but it will try its best to recover what it can. Note that this option may slow down encryption and decryption speeds.</li>
<li><strong>Keyfiles</strong>: Picocrypt supports the use of keyfiles as an additional form of authentication (or the only form of authentication). Not only can you use multiple keyfiles, but you can also require the correct order of keyfiles to be present for a successful decryption to occur. A particularly good use case of multiple keyfiles is creating a shared volume, where each person holds a keyfile, and all of them (and their keyfiles) must be present to decrypt the shared volume.</li>
<li><strong>Paranoid mode</strong>: Using this mode will encrypt your data with both XChaCha20 and Serpent in a cascade fashion, and use HMAC-SHA3 to authenticate data instead of BLAKE2b. This is recommended for protecting top-secret files and provides the highest level of practical security attainable. For a hacker to crack your encrypted data, both the XChaCha20 cipher and the Serpent cipher must be broken, assuming you've chosen a good password. It's safe to say that in this mode, your files are impossible to crack.</li>
<li><strong>Reed-Solomon</strong>: This feature is very useful if you are planning to archive important data on a cloud provider or external medium for a long time. If checked, Picocrypt will use the Reed-Solomon error correction code to add 8 extra bytes for every 128 bytes of data to prevent file corruption. This means that up to ~3% of your file can corrupt and Picocrypt will still be able to correct the errors and decrypt your files with no corruption. Of course, if your file corrupts very badly (e.g., you dropped your hard drive), Picocrypt won't be able to fully recover your files, but it will try its best to recover what it can. Note that this option may slow down encryption and decryption speeds.</li>
<li><strong>Force decrypt</strong>: Picocrypt automatically checks for file integrity upon decryption. If the file has been modified or is corrupted, Picocrypt will automatically delete the output for the user's safety. If you would like to override these safeguards, check this option. Also, if this option is checked and the Reed-Solomon feature was used on the encrypted volume, Picocrypt will attempt to recover as much of the file as possible during decryption.</li>
<li><strong>Split files into chunks</strong>: Don't feel like dealing with gargantuan files? No worries! With Picocrypt, you can choose to split your output file into custom-sized chunks, so large files can become more manageable and easier to upload to cloud providers. Simply choose a unit (KiB, MiB, GiB, or TiB) and enter your desired chunk size for that unit. To decrypt the chunks, simply drag one of them into Picocrypt and the chunks will be automatically recombined during decryption.</li>
</ul>
@ -92,28 +92,28 @@ PIbXjQvrAMkEVIc0HbCzLxr1k3sH
# Community
Here are some places where you can get involved with Picocrypt:
<ul>
<li><a href="https://discord.gg/8QM4A2caxH">Discord</a></li>
<li><a href="https://www.reddit.com/r/Picocrypt/">Reddit</a></li>
<li><a href="https://discord.gg/8QM4A2caxH">Discord</a></li>
</ul>
While I won't be active in these communities myself, they are still a great place to ask questions and help one another out. Remember to only trust these social networks and be aware of hackers that might try to impersonate me. I will never ask you for your password, and anyone who does is not me. I will never tell you to download a file from a suspicious link, and anyone who does is not me.
While I won't be active in these communities myself, they are still a great place to ask questions and help one another out, especially if something happens to me or this repository in the future. Remember to only trust these specific social networks and be aware of hackers that might try to impersonate me on other platforms. I will never ask you for your password, and anyone who does is not me. I will never tell you to download a file from a suspicious link, and anyone who does is not me.
# Stargazers
How's Picocrypt doing? Take a look below to find out.
![Stargazers Over Time](https://starchart.cc/HACKERALERT/Picocrypt.svg)
# Donations
If you find Picocrypt useful, please consider tipping my <a href="https://paypal.me/evanyiwensu">PayPal</a>. I'm providing this software completely free of charge, and would love to have some supporters that will motivate me to continue my work on Picocrypt. Currently, however, funding the audit is more important, so if you would like to donate, please donate on Open Collective to fund the audit as opposed to supporting me, which is less of a priority right now.
If you find Picocrypt useful, please consider tipping my <a href="https://paypal.me/evanyiwensu">PayPal</a>. I'm providing this software completely free of charge and would love to have some supporters that will motivate me to continue my work on Picocrypt. Currently, however, funding the audit is more important, so if you would like to donate, please donate on Open Collective to fund the audit as opposed to supporting me, which is less of a priority right now.
# FAQ
**Is Picocrypt accepting new features?**
No, Picocrypt is considered feature-complete and won't be getting any new features. Unlike other tools that try to constantly add new features (which introduces new bugs and security holes), Picocrypt focuses on just a few core features but does each of them exceptionally well. Remember Picocrypt's ideology: small, simple, and secure.
No, Picocrypt is considered feature-complete and won't be getting any new features. Unlike other tools which try to constantly add new features (which introduces new bugs and security holes), Picocrypt focuses on just a few core features but does each of them exceptionally well. Remember Picocrypt's ideology: small, simple, and secure.
**Will Android/iOS be supported?**
No, I don't plan on supporting Android or iOS because they are very different from traditional desktop operating systems and require different toolchains to develop apps for. Due to the nature of open-source software, however, it is possible that a community-built version of Picocrypt for Android or iOS may appear in the future.
No, I don't plan on supporting Android or iOS because they are very different from traditional desktop operating systems and require different toolchains to develop apps for. Due to the nature of open-source software, however, a community-built version of Picocrypt for Android or iOS may appear in the future.
**Why is Picocrypt not updated frequently?**
@ -135,8 +135,6 @@ A thank you from the bottom of my heart to the people on Open Collective who hav
<li>Pokabu (backer)</li>
</ul>
You are the people who inspire me to work on Picocrypt and provide it free of charge to everyone!
Also, a huge thanks to the following list of five people, who were the first to donate and support Picocrypt:
<ul>
<li>W.Graham</li>
@ -171,6 +169,6 @@ Finally, thanks to these people/organizations for helping me out when needed:
<li>u/Tall_Escape for helping me test Picocrypt</li>
<li>u/NSABackdoors for doing plenty of testing</li>
<li>@samuel-lucas6 for feedback, suggestions, and support</li>
<li><a href="https://privacytools.io">PrivacyToolsIO</a> for listing Picocrypt</li>
<li><a href="https://privacytools.io">PrivacyTools</a> for listing Picocrypt</li>
<li><a href="https://privacyguides.org">PrivacyGuides</a> for listing Picocrypt</li>
</ul>