1
0
Fork 0
mirror of https://github.com/HACKERALERT/Picocrypt.git synced 2024-12-28 10:24:19 +00:00
A very small, very simple, yet very secure encryption tool.
Find a file
2022-05-07 19:19:41 -04:00
.github Scan all Go files 2021-12-29 11:21:02 -05:00
images Add files via upload 2022-05-02 18:27:27 -04:00
src Fix race condition, improve stability 2022-05-06 23:33:44 -04:00
translations Minor touchups for German translation 2022-05-07 02:59:07 -07:00
Changelog.md gofmt and go mod tidy all dependencies 2022-05-07 19:19:41 -04:00
Internals.md Better words 2022-04-10 13:44:27 -04:00
LICENSE Initial commit 2021-02-18 15:27:51 -05:00
README.md Link to .deb and AppImage, update download links 2022-05-02 17:57:00 -04:00
SECURITY.md Directly add email address 2022-05-02 18:44:34 -04:00

English | Français | Español | Deutsch | Português | Türkçe | 中文 | русский | Magyar | Italiano

Picocrypt

Picocrypt is a very small (hence Pico), very simple, yet very secure encryption tool that you can use to protect your files. It's designed to be the go-to tool for encryption, with a focus on security, simplicity, and reliability. Picocrypt uses the secure XChaCha20 cipher and the Argon2id key derivation function to provide a high level of security, even from three-letter agencies like the NSA. It's designed for maximal security, making absolutely no compromises security-wise, and is built with Go's standard x/crypto modules. Your privacy and security is under attack. Take it back with confidence by protecting your files with Picocrypt.

Picocrypt

Funding

Please donate to Picocrypt on Open Collective (crypto is accepted) to raise money for a potential audit from Cure53. Because this is a project that I spend many hours on and make no money from, I cannot pay for an audit myself. Picocrypt needs support from its community.

Downloads

Important: There's an outdated and useless piece of abandonware called PicoCrypt on the Internet, which was last updated in 2005. PicoCrypt is not related in any way to Picocrypt (this project). Make sure you only download Picocrypt from this repository to ensure that you get the authentic and backdoor-free Picocrypt.

Windows

Picocrypt for Windows is as simple as it gets. To download the latest, standalone, and portable executable for Windows, click here. If Windows Defender or your antivirus flags Picocrypt as a virus, please do your part and submit it as a false positive for the betterment of everyone.

macOS

Picocrypt for macOS is very simple as well. Download Picocrypt here, extract the zip file, and run Picocrypt which is inside. If you can't open Picocrypt because it's not from a verified developer, right click on Picocrypt and hit "Open". If you still get the warning, right click on Picocrypt and hit "Open" again and you should be able to start Picocrypt.

Linux

There are multiple ways to use Picocrypt on Linux. The recommended way is to install Picocrypt from a .deb here (Debian 11+ and Ubuntu 20+). If the .deb doesn't suit your needs or you don't use a Debian-based distro, feel free to use the AppImage from here. If neither of the options above work, you may install Picocrypt from Snapcraft, which should work on all distros. Find the instructions for Snapcraft here.

Paranoid Packs

The Paranoid Pack is a compressed archive that contains executables for every version of Picocrypt ever released for Windows, macOS, and Linux. As long as you have it stored in a place you can access, you'll be able to open it and use any version of Picocrypt in case this repository mysteriously vanishes or the entire Internet burns down. Think of it as a seed vault for Picocrypt. As long as one person has the Paranoid Pack within reach, they can share it with the rest of the world and keep Picocrypt functional in cases of catastrophic events like GitHub shutting down suddenly or the NSA capturing me (just in case, you know?). The best way to ensure Picocrypt is accessible many decades from now is to keep a Paranoid Pack in a safe place. So if you are worried about being unable to access Picocrypt in the future, well, here's your solution. Just head to the Releases tab and get yourself a copy.

Why Picocrypt?

Why should you use Picocrypt instead of BitLocker, NordLocker, VeraCrypt, AxCrypt, or 7-Zip? Here are a few reasons why you should choose Picocrypt:

  • Unlike NordLocker, BitLocker, AxCrypt, and most cloud storage providers, Picocrypt and its dependencies are completely open-source and auditable. You can verify for yourself that there aren't any backdoors or flaws.
  • Picocrypt is tiny. While NordLocker is over 50MB and VeraCrypt is over 20MB, Picocrypt sits at just 2MB, about the size of a medium-resolution photo. And that's not all - Picocrypt is portable (doesn't need to be installed) and doesn't require administrator/root privileges.
  • Picocrypt is easier and more productive to use than VeraCrypt. To encrypt files with VeraCrypt, you'd have to spend at least five minutes setting up a volume. With Picocrypt's simple UI, all you have to do is drag and drop your files, enter a password, and hit Start. All the complex procedures are handled by Picocrypt internally. Who said secure encryption can't be simple?
  • Picocrypt is designed for security. 7-Zip is an archive utility and not an encryption tool, so its focus is not on security. Picocrypt, however, is built with security as the number one priority. Every part of Picocrypt exists for a reason and anything that could impact the security of Picocrypt is removed. Picocrypt is built with cryptography you can trust.
  • Picocrypt authenticates data in addition to protecting it, preventing hackers from maliciously modifying sensitive data. This is useful when you are sending encrypted files over an insecure channel and want to be sure that it arrives untouched.
  • Picocrypt actively protects encrypted header data from corruption by adding extra Reed-Solomon parity bytes, so if part of a volume's header (which contains important cryptographic components) corrupts (e.g., hard drive bit rot), Picocrypt can still recover the header and decrypt your data with a high success rate. Picocrypt can also encode the entire volume with Reed-Solomon to prevent any corruption to your important files.

Comparison

Here's how Picocrypt compares to other popular encryption tools.

Picocrypt VeraCrypt 7-Zip (GUI) BitLocker Cryptomator NordLocker AxCrypt
Free Yes Yes Yes 🟧 Partially Yes 🟧 Partially 🟧 Partially
Open Source GPLv3 Multi LGPL No GPLv3 No No
Cross-Platform Yes Yes No No Yes No No
Size 2MB 20MB 2MB Included 50MB 60MB 🟧 8MB
Portable Yes Yes No Yes No No Yes
Permissions None Admin Admin Admin Admin Admin Admin
Ease-Of-Use Easy Hard Easy 🟧 Medium 🟧 Medium 🟧 Medium Easy
Cipher XChaCha20 AES-256 AES-256 🟧 AES-128 AES-256 AES-256 🟧 AES-128
Key Derivation Argon2 🆗 PBKDF2 SHA256 Unknown Scrypt Argon2 🆗 PBKDF2
Data Integrity Always No No Unknown Always Always Always
Reed-Solomon Yes No No No No No No
Compression Yes No Yes Yes No No Yes
Telemetry None None None Unknown None Analytics Accounts
Audited 🟧 Planned Yes No Unknown Yes Unknown No

Features

Picocrypt is a very simple tool, and most users will intuitively understand how to use it in a few seconds. On a basic level, simply dropping your files, entering a password, and hitting Start is all that's needed to encrypt your files. Pretty simple, right?

While being simple, Picocrypt also strives to be powerful in the hands of knowledgeable and advanced users. Thus, there are some additional options that you may use to suit your needs.

  • Password generator: Picocrypt provides a secure password generator that you can use to create cryptographically secure passwords. You can customize the password length, as well as the types of characters to include.
  • Comments: Use this to store notes, information, and text along with the file (it won't be encrypted). For example, you can put a description of the file you're encrypting before sending it to someone. When the person you sent it to drops the file into Picocrypt, your description will be shown to that person.
  • Keyfiles: Picocrypt supports the use of keyfiles as an additional form of authentication (or the only form of authentication). Not only can you use multiple keyfiles, but you can also require the correct order of keyfiles to be present, for a successful decryption to occur. A particularly good use case of multiple keyfiles is creating a shared volume, where each person holds a keyfile, and all of them (and their keyfiles) must be present in order to decrypt the shared volume.
  • Paranoid mode: Using this mode will encrypt your data with both XChaCha20 and Serpent in a cascade fashion, and use HMAC-SHA3 to authenticate data instead of BLAKE2b. This is recommended for protecting top-secret files and provides the highest level of practical security attainable. In order for a hacker to crack your encrypted data, both the XChaCha20 cipher and the Serpent cipher must be broken, assuming you've chosen a good password. It's safe to say that in this mode, your files are impossible to crack.
  • Reed-Solomon: This feature is very useful if you are planning to archive important data on a cloud provider or external medium for a long time. If checked, Picocrypt will use the Reed-Solomon error correction code to add 8 extra bytes for every 128 bytes to prevent file corruption. This means that up to ~3% of your file can corrupt and Picocrypt will still be able to correct the errors and decrypt your files with no corruption. Of course, if your file corrupts very badly (e.g., you dropped your hard drive), Picocrypt won't be able to fully recover your files, but it will try its best to recover what it can. Note that this option will slow down encryption and decryption considerably.
  • Force decrypt: Picocrypt automatically checks for file integrity upon decryption. If the file has been modified or is corrupted, Picocrypt will automatically delete the output for the user's safety. If you would like to override these safeguards, check this option. Also, if this option is checked and the Reed-Solomon feature was used on the encrypted volume, Picocrypt will attempt to recover as much of the file as possible during decryption.
  • Split files into chunks: Don't feel like dealing with gargantuan files? No worries! With Picocrypt, you can choose to split your output file into custom-sized chunks, so large files can become more manageable and easier to upload to cloud providers. Simply choose a unit (KiB, MiB, GiB, or TiB) and enter your desired chunk size for that unit. To decrypt the chunks, simply drag one of them into Picocrypt and the chunks will be automatically recombined during decryption.

Security

For more information on how Picocrypt handles cryptography, see Internals for the technical details. If you're worried about the safety of me or this project, let me assure you that this repository won't be hijacked or backdoored. I have 2FA (TOTP) enabled on all accounts with a tie to Picocrypt (GitHub, Google, Reddit, Ubuntu One/Snapcraft, Discord, etc.), in addition to full-disk encryption on all of my portable devices. For further hardening, Picocrypt uses my isolated forks of dependencies and I fetch upstream only when I have taken a look at the changes and believe that there aren't any security issues. This means that if a dependency gets hacked or deleted by the author, Picocrypt will be using my fork of it and remain completely unaffected. You can feel confident about using Picocrypt.

Community

Here are some places where you can stay up to date with Picocrypt and get involved:

I highly recommend you join Picocrypt's subreddit because all updates and polls will be posted there. Remember to only trust these social networks and be aware of hackers that might try to impersonate me. I will never ask you for your password, and anyone who does is not me. I will never tell you to download a file from a suspicious link, and anyone who does is not me.

Stargazers

How's Picocrypt doing? Take a look below to find out. Stargazers Over Time

Donations

If you find Picocrypt useful, please consider tipping my PayPal. I'm providing this software completely free of charge, and would love to have some supporters that will motivate me to continue my work on Picocrypt.

Thank You's

A thank you from the bottom of my heart to the people on Open Collective who have made a significant contribution:

  • YellowNight ($818)
  • evelian ($50)
  • jp26 ($50)
  • guest-116103ad ($50)
  • Tybbs ($10)
  • N. Chin ($10)
  • Manjot ($10)
  • Phil P. ($10)
  • donor39 (backer)
  • Pokabu (backer)

You are the people who inspire me to work on Picocrypt and provide it free of charge to everyone!

Also, a huge thanks to the following list of five people, who were the first to donate and support Picocrypt:

  • W.Graham
  • N. Chin
  • Manjot
  • Phil P.
  • E. Zahard

As well, a great thanks to these people, who have helped translate Picocrypt and make it more accessible to the world:

  • @umitseyhan75 for Turkish
  • @digitalblossom & @Pokabu26 for German
  • @zeeaall for Brazilian Portuguese
  • @kurpau for Lithuanian
  • u/francirc for Spanish
  • yn for Russian
  • @Etim-Orb for Hungarian
  • @Minibus93 for Italian
  • Michel for French
  • @victorhck for Spanish

Finally, thanks to these people/organizations for helping me out when needed:

  • [ REDACTED ] for helping me create an AppImage for Picocrypt
  • Fuderal on Discord for helping me setup a Discord server
  • u/greenreddits for constant feedback and support
  • u/Tall_Escape for helping me test Picocrypt
  • u/NSABackdoors for doing plenty of testing
  • @samuel-lucas6 for feedback, suggestions, and support
  • PrivacyToolsIO for listing Picocrypt
  • PrivacyGuides for listing Picocrypt