From 96bdff80ff1f4f60a8274b44d0fe61d8d4c13565 Mon Sep 17 00:00:00 2001 From: Evan Su <48808396+HACKERALERT@users.noreply.github.com> Date: Sun, 14 Mar 2021 22:08:50 -0400 Subject: [PATCH] Slight changes --- README.md | 38 +++++++++++++++++++------------------- 1 file changed, 19 insertions(+), 19 deletions(-) diff --git a/README.md b/README.md index 7ee6c3c..addbdfd 100644 --- a/README.md +++ b/README.md @@ -1,57 +1,57 @@ # Picocrypt -Picocrypt is a very tiny (hence "Pico"), very simple, yet very secure file encryption tool. It uses the modern XChaCha20-Poly1305 cipher suite as well as Argon2, making it about as secure and modern of an encryption tool as you'll ever get your hands on. Picocrypt's focus is security, so it might be slightly slower and less attractive visually than others. +Picocrypt is a very tiny (hence "Pico"), very simple, yet very secure file encryption tool. It uses the modern ChaCha20-Poly1305 cipher suite as well as Argon2, making it about as secure and modern of an encryption tool as you'll ever get your hands on. Picocrypt's focus is security, so it might be slightly slower and less attractive visually than others. Screenshot # Download -You can run the raw Python source file, compile it yourself, or download the portable .exe (for Windows) that I've precompiled and optimized beyond imagination (recommended, because it's just 3MB in size) here. If you're compiling from source or running the raw Python file, the following two dependencies will be automatically installed via pip if not already installed: argon2-cffi and pycryptodome. +You can run the raw Python source file under /src or download the portable .exe (for Windows) that I've precompiled and optimized beyond imagination (recommended, because it's just 3MB and fully portable) here. If you're compiling from source or running the raw Python file, the following two dependencies will be automatically installed via pip if not already installed: argon2-cffi and pycryptodome. -Note: For some reason, there's an outdated and useless tool called PicoCrypt on the Internet, which was released in 2005. PicoCrypt is not related to Picocrypt (this project). Make sure you only download Picocrypt from this Github repository to ensure that you download the correct and authentic software. +Note: For some reason, there's an outdated and useless tool called PicoCrypt on the Internet, which was last updated in 2005. PicoCrypt is not related to Picocrypt (this project). Make sure you only download Picocrypt from this Github repository to ensure that you download the correct, authentic, and backdoor-free software. # Why Picocrypt? Why should you use Picocrypt, instead of Bitlocker, NordLocker, VeraCrypt, or 7-Zip? Here are some reasons why you should switch to Picocrypt: # Instructions -Picocrypt is about as simple as it gets. Just select a file, enter a password, and start. If you want to encrypt multiple files, add them to an archive or zip file. There are some additional options that you can use for more control: +Picocrypt is about as simple as it gets. Just select a file, enter a password, and start. If you want to encrypt multiple files, add them to an archive or zip file and select it. There are some additional options that you can use for more control: # Security -Security is Picocrypt's sole focus. I was in need of a secure, reliable, and future-proof encryption tool that didn't require bloatware and containers, but I couldn't find one, so I created Picocrypt. Picocrypt uses XChaCha20-Poly1305, which is a revision of the eSTREAM winner, Salsa20. XChaCha20-Poly1305 has been through a significant amount of cryptanalysis and was selected by security engineers at Google to be used in modern TLS suites. It's considered to be the future of symmetric encryption, and makes Picocrypt more secure than Bitlocker, NordLocker, and 7-Zip. It's used by Cloudflare, Google, and many other forward-thinking companies. +Security is Picocrypt's primary focus. I was in need of a secure, reliable, and future-proof encryption tool that didn't require bloatware and containers, but I couldn't find one. That's why I created Picocrypt, which uses XChaCha20-Poly1305, which is a revision of the eSTREAM winner, Salsa20. XChaCha20-Poly1305 has been through a significant amount of cryptanalysis and was selected by security engineers at Google to be used in modern TLS suites. It's considered to be the future of symmetric encryption, and makes Picocrypt more secure than Bitlocker, NordLocker, and 7-Zip. It's used by Cloudflare, Google, and many other forward-thinking companies. -For key derivation, Picocrypt uses Argon2ID, winner of the PHC (Password Hashing Competition), which was completed in 2015. Argon2ID is even slower than Scrypt and Bcrypt (for those that don't understand crypto, this is a good thing), making GPU, ASIC, and FPGA attacks impractical due to the huge amount of RAM that is used and written to during the key derivation. +For key derivation, Picocrypt uses Argon2(id), winner of the PHC (Password Hashing Competition), which was completed in 2015. Argon2 is even slower than Scrypt and Bcrypt (for those that don't understand crypto, this is a good thing), making GPU, ASIC, and FPGA attacks impractical due to the huge amount of RAM that is used and written to during the key derivation. -For key checking and CRCs, SHA3_512 (standardized Keccak) is used. Before decrypting, Picocrypt checks whether the password is correct by comparing the derived key to a SHA3_512 hash stored in the encrypted file. SHA3 is the latest standard for hashing recommended by the NIST. It's a modern and well-designed hash function that's open-source, unpatented, and royalty-free. +For key checking and corruption checks, SHA3-512 (Keccak) is used. Before decrypting, Picocrypt checks whether the password is correct by comparing the derived key to a SHA3-512 hash stored in the encrypted file. SHA3 is the latest standard for hashing recommended by the NIST. It's a modern and well-designed hash function that's open-source, unpatented, and royalty-free. -XChaCha20-Poly1305, Argon2, and SHA3 are well recognized within the cryptography community and are all considered to be mature and future-proof. +XChaCha20-Poly1305, Argon2, and SHA3 are well recognized within the cryptography community and are all considered to be mature and future-proof. You can rely on these ciphers and algorithms to protect your data, as they are all modern and have undergone a large amount of cryptanalysis. -I did not write the crypto for Picocrypt. Picocrypt uses two Python libraries, argon2-cffi and pycryptodome, both of which are well known and popular within the Python community. Picocrypt also uses Python's standard hashlib for SHA3_512. For people who want to know how Picocrypt handles the crypto, or for the paranoid, here is a breakdown of how Picocrypt protects your data: +I did not write the crypto for Picocrypt. Picocrypt uses two Python libraries, argon2-cffi and pycryptodome, both of which are well known and popular within the Python community. Picocrypt also uses Python's standard hashlib for SHA3-512. For people who want to know how Picocrypt handles the crypto, or for the paranoid, here is a breakdown of how Picocrypt protects your data:
  1. A 16-byte salt (for Argon2) and a 24-byte nonce (for XChaCha20) is generated using a CSPRNG (Python's os.urandom())
  2. - The encryption/decryption key is generated through Argon2ID using the salt above and the following parameters: + The encryption/decryption key is generated through Argon2id using the salt above and the following parameters:
  3. -
  4. If decrypting, compare the derived key with the SHA3_512 hash of the correct key stored in the ciphertext. If encrypting, compute the SHA3_512 of the derived key and add to ciphertext.
  5. -
  6. Encryption/decryption start, reading in 1MB chunks at a time. For each chunk, it is first encrypted by XChaCha20, and then a CRC (using SHA3_512) is updated.
  7. +
  8. If decrypting, compare the derived key with the SHA3-512 hash of the correct key stored in the ciphertext. If encrypting, compute the SHA3-512 of the derived key and add to ciphertext.
  9. +
  10. Encryption/decryption start, reading in 1MB chunks at a time. For each chunk, it is first encrypted by XChaCha20, and then a CRC (using SHA3-512) is updated.
  11. If 'Secure wipe' is enabled, CSPRNG data is written over the original file in chunks of 1MB to securely wipe the file.
  12. When encryption/decryption is finished, the MAC tag (Poly1305) will be added to the ciphertext or verified, depending on if you're encrypting or decrypting. If 'Secure wipe' is enabled, the original file is deleted.
  13. Similar to above, the CRC is either checked or added to the ciphertext depending on the operation.
  14. @@ -61,10 +61,10 @@ XChaCha20-Poly1305, Argon2, and SHA3 are well recognized within the cryptography # Limitations # Contribution