Merge branch 'HACKERALERT:main' into main

2022-06-29 20:06:05 +02:00 · 2022-06-29 20:06:05 +02:00 · c4b74a04ec
parent 6abf39db5e ce5c9b54b2
commit c4b74a04ec
4 changed files with 29 additions and 10 deletions
--- a/.github/FUNDING.yml
+++ b/.github/FUNDING.yml
@ -1,2 +0,0 @@
-open_collective: picocrypt
-custom: "https://paypal.me/evanyiwensu"
--- a/Changelog.md
+++ b/Changelog.md
@ -3,6 +3,12 @@
 	<li>Add FAQ</li>
 </ul>

+# v1.30 (No ETA)
+<ul>
+	<li>✓ Improve tooltip clarity</li>
+	<li>Fix scaling issue when moving between monitors with different DPIs</li>
+</ul>
+
 # v1.29 (Released 05/23/2022)
 <ul>
 	<li>✓ Review/improve Internals.md</li>
--- a/README.md
+++ b/README.md
@ -6,10 +6,10 @@ Picocrypt is a very small (hence <i>Pico</i>), very simple, yet very secure encr
 <p align="center"><img align="center" src="/images/screenshot.png" width="318" alt="Picocrypt"></p>

 # Funding
-Please donate to Picocrypt on <a href="https://opencollective.com/picocrypt">Open Collective</a> (crypto is accepted) to raise money for a potential audit from Cure53. Because this is a project that I spend many hours on and make no money from, I cannot pay for an audit myself. <i>Picocrypt needs support from its community.</i>
+Please donate to Picocrypt on <a href="https://opencollective.com/picocrypt">Open Collective</a> (crypto is accepted) to raise money for a security audit from Cure53. Because this is a project that I spend many hours on and make no money from, I cannot pay for an audit myself. <i>Picocrypt needs support from its community.</i>

 # Downloads
-**Important**: There's an outdated and useless piece of abandonware called PicoCrypt on the Internet, which was last updated in 2005. PicoCrypt is not related in any way to Picocrypt (this project). Make sure you only download Picocrypt from this repository to ensure that you get the authentic and backdoor-free Picocrypt.
+**Important**: There are multiple entities under the name "Picocrypt". For example, there's an old encryption tool called PicoCrypt that uses a broken cipher. There's also an ERC-funded research project called PICOCRYPT. Please don't confuse any of these projects with Picocrypt (this project). Make sure to only download Picocrypt from this repository to ensure that you get the authentic and backdoor-free Picocrypt. When sharing Picocrypt with others, be sure to link to this repository to prevent any confusion.

 ## Windows
 Picocrypt for Windows is as simple as it gets. To download the latest, standalone, and portable executable for Windows, click <a href="https://github.com/HACKERALERT/Picocrypt/releases/download/1.29/Picocrypt.exe">here</a>. If Windows Defender or your antivirus flags Picocrypt as a virus, please do your part and submit it as a false positive for the betterment of everyone.
@ -65,7 +65,7 @@ While being simple, Picocrypt also strives to be powerful in the hands of knowle
 	<li><strong>Comments</strong>: Use this to store notes, information, and text along with the file (it won't be encrypted). For example, you can put a description of the file you're encrypting before sending it to someone. When the person you sent it to drops the file into Picocrypt, your description will be shown to that person.</li>
 	<li><strong>Keyfiles</strong>: Picocrypt supports the use of keyfiles as an additional form of authentication (or the only form of authentication). Not only can you use multiple keyfiles, but you can also require the correct order of keyfiles to be present for a successful decryption to occur. A particularly good use case of multiple keyfiles is creating a shared volume, where each person holds a keyfile, and all of them (and their keyfiles) must be present in order to decrypt the shared volume.</li>
 	<li><strong>Paranoid mode</strong>: Using this mode will encrypt your data with both XChaCha20 and Serpent in a cascade fashion, and use HMAC-SHA3 to authenticate data instead of BLAKE2b. This is recommended for protecting top-secret files and provides the highest level of practical security attainable. In order for a hacker to crack your encrypted data, both the XChaCha20 cipher and the Serpent cipher must be broken, assuming you've chosen a good password. It's safe to say that in this mode, your files are impossible to crack.</li>
-	<li><strong>Reed-Solomon</strong>: This feature is very useful if you are planning to archive important data on a cloud provider or external medium for a long time. If checked, Picocrypt will use the Reed-Solomon error correction code to add 8 extra bytes for every 128 bytes to prevent file corruption. This means that up to ~3% of your file can corrupt and Picocrypt will still be able to correct the errors and decrypt your files with no corruption. Of course, if your file corrupts very badly (e.g., you dropped your hard drive), Picocrypt won't be able to fully recover your files, but it will try its best to recover what it can. Note that this option will slow down encryption and decryption considerably.</li>
+	<li><strong>Reed-Solomon</strong>: This feature is very useful if you are planning to archive important data on a cloud provider or external medium for a long time. If checked, Picocrypt will use the Reed-Solomon error correction code to add 8 extra bytes for every 128 bytes to prevent file corruption. This means that up to ~3% of your file can corrupt and Picocrypt will still be able to correct the errors and decrypt your files with no corruption. Of course, if your file corrupts very badly (e.g., you dropped your hard drive), Picocrypt won't be able to fully recover your files, but it will try its best to recover what it can. Note that this option may slow down encryption and decryption speeds.</li>
 	<li><strong>Force decrypt</strong>: Picocrypt automatically checks for file integrity upon decryption. If the file has been modified or is corrupted, Picocrypt will automatically delete the output for the user's safety. If you would like to override these safeguards, check this option. Also, if this option is checked and the Reed-Solomon feature was used on the encrypted volume, Picocrypt will attempt to recover as much of the file as possible during decryption.</li>
 	<li><strong>Split files into chunks</strong>: Don't feel like dealing with gargantuan files? No worries! With Picocrypt, you can choose to split your output file into custom-sized chunks, so large files can become more manageable and easier to upload to cloud providers. Simply choose a unit (KiB, MiB, GiB, or TiB) and enter your desired chunk size for that unit. To decrypt the chunks, simply drag one of them into Picocrypt and the chunks will be automatically recombined during decryption.</li>
 </ul>
@ -101,7 +101,21 @@ How's Picocrypt doing? Take a look below to find out.
 ![Stargazers Over Time](https://starchart.cc/HACKERALERT/Picocrypt.svg)

 # Donations
-If you find Picocrypt useful, please consider tipping my <a href="https://paypal.me/evanyiwensu">PayPal</a>. I'm providing this software completely free of charge, and would love to have some supporters that will motivate me to continue my work on Picocrypt.
+If you find Picocrypt useful, please consider tipping my <a href="https://paypal.me/evanyiwensu">PayPal</a>. I'm providing this software completely free of charge, and would love to have some supporters that will motivate me to continue my work on Picocrypt. Currently, however, funding the audit is more important, so if you would like to donate, please donate on Open Collective to fund the audit as opposed to supporting me, which is less of a priority right now.
+
+# FAQ
+
+**Is Picocrypt accepting new features?**
+
+No, Picocrypt is considered feature-complete and won't be getting any new features. Unlike other tools that try to constantly add new features (which introduces new bugs and security holes), Picocrypt focuses on just a few core features but does each of them exceptionally well. Remember Picocrypt's ideology: small, simple, and secure.
+
+**Will Android/iOS be supported?**
+
+No, I don't plan on supporting Android or iOS because they are very different from traditional desktop operating systems and require different toolchains to develop apps for. Due to the nature of open-source software, however, it is possible that a community-built version of Picocrypt for Android or iOS may appear in the future.
+
+**Why is Picocrypt not updated frequently?**
+
+People seem to have the notion that software must be constantly updated to stay relevant and secure. While this may be true for a lot of the software we use today, it is not for Picocrypt. Picocrypt is "good software" and good software doesn't need constant updates to remain relevant and secure. Good software will always be good software.

 # Thank Yous
 A thank you from the bottom of my heart to the people on Open Collective who have made a significant contribution:
@ -110,6 +124,7 @@ A thank you from the bottom of my heart to the people on Open Collective who hav
 	<li>evelian ($50)</li>
 	<li>jp26 ($50)</li>
 	<li>guest-116103ad ($50)</li>
+	<li>Markus ($15)</li>
 	<li>Tybbs ($10)</li>
 	<li>N. Chin ($10)</li>
 	<li>Manjot ($10)</li>
--- a/translations/french.md
+++ b/translations/french.md
@ -1,11 +1,11 @@
 <p align="center"><img align="center" src="/images/logo.svg" width="512" alt="Picocrypt"></p>

-Picocrypt est un outil de cryptage très petit (d'où <i>Pico</i>), très simple mais très sécurisé que vous pouvez utiliser pour protéger vos fichiers. Il est conçu pour être l'outil <i>de référence</i> pour le chiffrement, en mettant l'accent sur la sécurité, la simplicité et la fiabilité. Picocrypt utilise le chiffrement sécurisé XChaCha20  cipher et la fonction de dérivation de clé Argon2id pour fournir un haut niveau de sécurité, même en face d'agences à trois lettres comme la NSA. Il est conçu pour une sécurité maximale, ne faisant absolument aucun compromis en matière de sécurité, et il est construit avec les modules x/crypto standard de Go. <strong>Votre vie privée et votre sécurité sont attaquées. Reprenez-en le  contrôle en toute confiance en protégeant vos fichiers avec Picocrypt.</strong>
+Picocrypt est un outil de chiffrement très petit (d'où <i>Pico</i>), très simple mais très sécurisé que vous pouvez utiliser pour protéger vos fichiers. Il est conçu pour être l'outil <i>de référence</i> pour le chiffrement, en mettant l'accent sur la sécurité, la simplicité et la fiabilité. Picocrypt utilise le chiffrement sécurisé XChaCha20 cipher et la fonction de dérivation de clé Argon2id pour fournir un haut niveau de sécurité, même en face d'agences à trois lettres comme la NSA. Il est conçu pour une sécurité maximale, ne faisant absolument aucun compromis en matière de sécurité, et il est construit avec les modules x/crypto standard de Go. <strong>Votre vie privée et votre sécurité sont attaquées. Reprenez-en le  contrôle en toute confiance en protégeant vos fichiers avec Picocrypt.</strong>

 <p align="center"><img align="center" src="/images/screenshot.png" width="384" alt="Picocrypt"></p>

 # Financement
-Veuillez faire un don à Picocrypt sur <a href="https://opencollective.com/picocrypt">Open Collective</a> (crypto est accepté) pour collecter des fonds pour un audit potentiel de  type Cure53. Comme il s'agit d'un projet sur lequel je passe de nombreuses heures , qui ne rapporte rien, je ne peux pas payer moi-même cet audit. <i>Picocrypt a besoin du soutien de sa communauté pour se faire.</i>
+Veuillez faire un don à Picocrypt sur <a href="https://opencollective.com/picocrypt">Open Collective</a> (les cryptomonnaies sont acceptés) pour collecter des fonds pour un audit potentiel de type Cure53. Comme il s'agit d'un projet sur lequel je passe de nombreuses heures, qui ne me rapportent pas d'argent, je ne peux pas payer moi-même cet audit. <i>Picocrypt a besoin du soutien de sa communauté pour se faire.</i>

 # Téléghargements
 ## Windows
@ -30,7 +30,7 @@ Pourquoi devriez-vous utiliser Picocrypt au lieu de BitLocker, NordLocker, VeraC

 <li>Picocrypt est plus facile et plus productif à utiliser que VeraCrypt. Pour chiffrer des fichiers avec VeraCrypt, vous devez passer au moins cinq minutes à configurer un volume. Avec l'interface utilisateur simple de Picocrypt, tout ce que vous avez à faire est de faire glisser et déposer vos fichiers, d'entrer un mot de passe et d'appuyer sur Démarrer. Toutes les procédures complexes sont gérées par Picocrypt en interne. Qui a dit que le chiffrement sécurisé ne pouvait pas être simple ?</li>

-<li>Picocrypt est conçu pour la sécurité. 7-Zip est un utilitaire d'archivage et non un outil de chiffrement, il n'est donc pas axé sur la sécurité. Picocrypt, lui, est construit avec la sécurité comme priorité numéro un. Chaque partie de Picocrypt existe pour éliminer  tout ce qui pourrait avoir un impact sur la sécurité de Picocrypt, . Picocrypt est construit avec une cryptographie de confiance.</li>
+<li>Picocrypt est conçu pour la sécurité. 7-Zip est un utilitaire d'archivage et non un outil de chiffrement, il n'est donc pas axé sur la sécurité. Picocrypt, lui, est construit avec la sécurité comme priorité numéro un. Chaque partie de Picocrypt existe pour éliminer tout ce qui pourrait avoir un impact sur la sécurité de Picocrypt. Picocrypt est construit avec une cryptographie de confiance.</li>

 <li>Picocrypt authentifie les données en plus de les protéger, empêchant les pirates de modifier de manière malveillante les données sensibles. Ceci est utile lorsque vous envoyez des fichiers chiffrés via un canal non sécurisé et que vous voulez être sûr qu'ils arrivent intacts.</li>

@ -130,7 +130,7 @@ De plus, un grand merci à ces personnes, qui ont aidé à traduire Picocrypt et
  <li>Michel pour francais</li>
 </ul>

-Enfin, merci à ces personnes de m'avoir aidé dés que le besoin s'en est fait sentir  :
+Enfin, merci à ces personnes de m'avoir aidé dés que le besoin s'en est fait sentir :

 <ul>
 <li>Fuderal sur Discord pour m'avoir aidé à configurer un serveur Discord</li>