Update download links

Changelog.md

@@ -1,8 +1,8 @@
-# v1.33 (No ETA)
+# v1.33 (Released 06/27/2023)
 <ul>
-	<li>Add tooltip warning that comments are not encrypted (#164)</li>
-	<li>Hash keyfiles in chunks to reduce memory usage (#168)</li>
-	<li>Prevent using identical keyfiles under different filenames (#170)</li>
+	<li>✓ Add tooltip warning that comments are not encrypted (#164)</li>
+	<li>✓ Hash keyfiles in chunks to reduce memory usage (#168)</li>
+	<li>✓ Prevent using identical keyfiles under different filenames (#170)</li>
 </ul>
 
 # v1.32 (Released 04/28/2023)

README.md

@@ -12,21 +12,21 @@ Picocrypt is a very small (hence <i>Pico</i>), very simple, yet very secure encr
 **Important**: There are multiple entities under the name "Picocrypt". For example, there's an old encryption tool called PicoCrypt that uses a broken cipher. There's also an ERC-funded research project called PICOCRYPT. There are even domains related to Picocrypt that I've never registered. Please don't confuse any of these unrelated projects with Picocrypt (this project). Make sure to only download Picocrypt from this repository to ensure that you get the authentic and backdoor-free Picocrypt. When sharing Picocrypt with others, be sure to link to this repository to prevent any confusion.
 
 ## Windows
-Picocrypt for Windows is as simple as it gets. To download the latest, standalone, and portable executable for Windows, click <a href="https://github.com/HACKERALERT/Picocrypt/releases/download/1.32/Picocrypt.exe">here</a>. If Microsoft Defender or your antivirus flags Picocrypt as a virus, please do your part and submit it as a false positive for the betterment of everyone.
+Picocrypt for Windows is as simple as it gets. To download the latest, standalone, and portable executable for Windows, click <a href="https://github.com/HACKERALERT/Picocrypt/releases/download/1.33/Picocrypt.exe">here</a>. If Microsoft Defender or your antivirus flags Picocrypt as a virus, please do your part and submit it as a false positive for the betterment of everyone.
 
-If you use Picocrypt frequently, you can also download the installable version from <a href="https://github.com/HACKERALERT/Picocrypt/releases/download/1.32/Installer.exe">here</a>, which will install Picocrypt onto your system and add it to your start menu for easy access. The installer also includes extra compatibility helpers, so if the portable executable doesn't work, this likely will.
+If you use Picocrypt frequently, you can also download the installable version from <a href="https://github.com/HACKERALERT/Picocrypt/releases/download/1.33/Installer.exe">here</a>, which will install Picocrypt onto your system and add it to your start menu for easy access. The installer also includes extra compatibility helpers, so if the portable executable doesn't work, this likely will.
 
 ## macOS
-Picocrypt for macOS is very simple as well. Download Picocrypt <a href="https://github.com/HACKERALERT/Picocrypt/releases/download/1.32/Picocrypt.app.zip">here</a>, extract the zip file, and run Picocrypt which is inside. If you can't open Picocrypt because it's not from a verified developer, control-click on Picocrypt and hit Open to bypass the warning. Keep in mind that Picocrypt runs through Rosetta 2 and requires OpenGL, and may not work in the future should Apple remove either.
+Picocrypt for macOS is very simple as well. Download Picocrypt <a href="https://github.com/HACKERALERT/Picocrypt/releases/download/1.33/Picocrypt.app.zip">here</a>, extract the zip file, and run Picocrypt which is inside. If you can't open Picocrypt because it's not from a verified developer, control-click on Picocrypt and hit Open to bypass the warning. Keep in mind that Picocrypt runs through Rosetta 2 and requires OpenGL, and may not work in the future should Apple remove either.
 
 ## Linux
-To use Picocrypt on Linux, you can download the AppImage <a href="https://github.com/HACKERALERT/Picocrypt/releases/download/1.32/Picocrypt.AppImage">here</a>. While this AppImage should work on most systems, Linux is a mess when it comes to cross-distro and cross-release compatibility, so if the AppImage doesn't work, you can try the <a href="https://snapcraft.io/picocrypt">Snap</a>, run Picocrypt through Wine, or compile from source using the instructions in the `src/` directory.
+To use Picocrypt on Linux, you can download the AppImage <a href="https://github.com/HACKERALERT/Picocrypt/releases/download/1.33/Picocrypt.AppImage">here</a>. While this AppImage should work on most systems, Linux is a mess when it comes to cross-distro and cross-release compatibility, so if the AppImage doesn't work, you can try the <a href="https://snapcraft.io/picocrypt">Snap</a>, run Picocrypt through Wine, or compile from source using the instructions in the `src/` directory.
 
 ## CLI
 A command-line interface is available for Picocrypt <a href="/cli">here</a>. Keep in mind that the functionality is extremely limited and is not meant to replace the standard GUI app. Rather, it's best suited for environments where the GUI won't run or you need the ability to automate encryption workflows.
 
 ## Paranoid Pack
-The Paranoid Pack is a compressed archive that contains executables for Windows, macOS, and Linux, including the source code and dependencies. As long as you have it stored in a place you can access, you'll be able to open it and use Picocrypt on any desktop operating system in case this repository mysteriously vanishes or the entire Internet burns down. Think of it as a seed vault for Picocrypt; as long as one person has the Paranoid Pack within reach, they can share it with the rest of the world and keep Picocrypt functional in case of catastrophic events. The best way to ensure Picocrypt is accessible many decades from now is to keep a Paranoid Pack in a safe place. Get your copy <a href="https://github.com/HACKERALERT/Picocrypt/releases/download/1.32/Paranoid.zip">here</a>.
+The Paranoid Pack is a compressed archive that contains executables for Windows, macOS, and Linux, including the source code and dependencies. As long as you have it stored in a place you can access, you'll be able to open it and use Picocrypt on any desktop operating system in case this repository mysteriously vanishes or the entire Internet burns down. Think of it as a seed vault for Picocrypt; as long as one person has the Paranoid Pack within reach, they can share it with the rest of the world and keep Picocrypt functional in case of catastrophic events. The best way to ensure Picocrypt is accessible many decades from now is to keep a Paranoid Pack in a safe place. Get your copy <a href="https://github.com/HACKERALERT/Picocrypt/releases/download/1.33/Paranoid.zip">here</a>.
 
 # Why Picocrypt?
 Why should you use Picocrypt instead of VeraCrypt, 7-Zip, BitLocker, or Cryptomator? Here are a few reasons why you should choose Picocrypt:

cli/picocrypt/main.go

@@ -59,7 +59,7 @@ func work(filename string, password string) int {
 		rand.Read(salt)
 		rand.Read(hkdfSalt)
 		rand.Read(nonce)
-		fout.Write(rsEncode(rs5, []byte("v1.32")))
+		fout.Write(rsEncode(rs5, []byte("v1.33")))
 		fout.Write(rsEncode(rs5, []byte("00000")))
 		fout.Write(rsEncode(rs5, make([]byte, 5)))
 		fout.Write(rsEncode(rs16, salt))

src/Picocrypt.go

@@ -2,7 +2,7 @@ package main
 
 /*
 
-Picocrypt v1.32
+Picocrypt v1.33
 Copyright (c) Evan Su
 Released under a GNU GPL v3 License
 https://github.com/HACKERALERT/Picocrypt
@@ -58,7 +58,7 @@ var TRANSPARENT = color.RGBA{0x00, 0x00, 0x00, 0x00}
 
 // Generic variables
 var window *giu.MasterWindow
-var version = "v1.32"
+var version = "v1.33"
 var dpi float32
 var mode string
 var working bool
@@ -476,6 +476,11 @@ func draw() {
 					}
 					return giu.InputTextFlagsNone
 				}()),
+				giu.Custom(func() {
+					if !commentsDisabled {
+						giu.Tooltip("Note: comments are not encrypted!").Build()
+					}
+				}),
 			),
 		),
 		giu.Style().SetDisabled((len(keyfiles) == 0 && password == "") || (mode == "encrypt" && password != cpassword)).To(
@@ -1466,17 +1471,34 @@ func work() {
 		popupStatus = "Reading keyfiles..."
 		giu.Update()
 
+		var keyfileTotal int64
+		for _, path := range keyfiles {
+			stat, _ := os.Stat(path)
+			keyfileTotal += stat.Size()
+		}
+
 		if keyfileOrdered { // If order matters, hash progressively
 			var tmp = sha3.New256()
+			var keyfileDone int
 
 			// For each keyfile...
 			for _, path := range keyfiles {
 				fin, _ := os.Open(path)
-				stat, _ := os.Stat(path)
-				data := make([]byte, stat.Size())
-				fin.Read(data) // Read the keyfile
+				for { // Read in chunks of 1 MiB
+					data := make([]byte, MiB)
+					size, err := fin.Read(data)
+					if err != nil {
+						break
+					}
+					data = data[:size]
+					tmp.Write(data) // Hash the data
+
+					// Update progress
+					keyfileDone += size
+					progress = float32(keyfileDone) / float32(keyfileTotal)
+					giu.Update()
+				}
 				fin.Close()
-				tmp.Write(data) // Hash the data
 			}
 			keyfileKey = tmp.Sum(nil) // Get the SHA3-256
 
@@ -1485,17 +1507,29 @@ func work() {
 			tmp.Write(keyfileKey)
 			keyfileHash = tmp.Sum(nil)
 		} else { // If order doesn't matter, hash individually and combine
+			var keyfileDone int
+
+			// For each keyfile...
 			for _, path := range keyfiles {
 				fin, _ := os.Open(path)
-				stat, _ := os.Stat(path)
-				data := make([]byte, stat.Size())
-				fin.Read(data) // Read the keyfile
+				tmp := sha3.New256()
+				for { // Read in chunks of 1 MiB
+					data := make([]byte, MiB)
+					size, err := fin.Read(data)
+					if err != nil {
+						break
+					}
+					data = data[:size]
+					tmp.Write(data) // Hash the data
+
+					// Update progress
+					keyfileDone += size
+					progress = float32(keyfileDone) / float32(keyfileTotal)
+					giu.Update()
+				}
 				fin.Close()
 
-				// Get the SHA3-256
-				tmp := sha3.New256()
-				tmp.Write(data)
-				sum := tmp.Sum(nil)
+				sum := tmp.Sum(nil) // Get the SHA3-256
 
 				// XOR keyfile hash with 'keyfileKey'
 				if keyfileKey == nil {
@@ -1571,6 +1605,19 @@ func work() {
 	}
 
 	if len(keyfiles) > 0 || keyfile {
+		// Prevent an even number of duplicate keyfiles
+		if bytes.Equal(keyfileKey, make([]byte, 32)) {
+			mainStatus = "Duplicate keyfiles detected."
+			mainStatusColor = RED
+			fin.Close()
+			if len(allFiles) > 1 || len(onlyFolders) > 0 || compress {
+				os.Remove(inputFile)
+			}
+			fout.Close()
+			os.Remove(fout.Name())
+			return
+		}
+
 		// XOR the encryption key with the keyfile key
 		tmp := key
 		key = make([]byte, 32)