fz0x1/Picocrypt
1
0
Fork 0
mirror of https://github.com/Picocrypt/Picocrypt.git synced 2025-05-11 05:28:31 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Initial commit

Browse source
This commit is contained in:
Evan Su 2024-06-01 11:03:54 -04:00
parent e47234d6a5
commit 10c0b6b7d2
13 changed files with 3007 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

32
.github/workflows/codeql-analysis.yml vendored Normal file
View file

@ -0,0 +1,32 @@
name: "CodeQL"
on:
push:
paths:
- "src/*.go"
- "src/go.mod"
- "src/go.sum"
pull_request:
branches: [ main ]
jobs:
analyze:
name: Analyze
runs-on: ubuntu-latest
permissions:
actions: read
contents: read
security-events: write
strategy:
fail-fast: false
matrix:
language: ['go']
steps:
- name: Checkout Repository
uses: actions/checkout@v4
- name: Initialize CodeQL
uses: github/codeql-action/init@v3
with:
languages: ${{ matrix.language }}
- name: Autobuild
uses: github/codeql-action/autobuild@v3
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v3

280
Changelog.md Normal file
View file

@ -0,0 +1,280 @@
# Future
<ul>
<li>Migrate golang.org/x/crypto to standard library imports (https://github.com/golang/go/issues/65269)</li>
</ul>
# v1.34 (Released 04/29/2024)
<ul>
<li>✓ New CLI with support for files, folders, globs, paranoid mode, and Reed-Solomon</li>
<li>✓ Migrate github.com/HACKERALERT/crypto back to golang.org/x/crypto</li>
<li>✓ Distribute raw Linux binary instead of AppImage for better portability</li>
<li>✓ Distribute macOS binaries for both Intel and Apple silicon</li>
</ul>
# v1.33 (Released 06/27/2023)
<ul>
<li>✓ Add tooltip warning that comments are not encrypted (#164)</li>
<li>✓ Hash keyfiles in chunks to reduce memory usage (#168)</li>
<li>✓ Prevent using identical keyfiles under different filenames (#170)</li>
</ul>
# v1.32 (Released 04/28/2023)
<ul>
<li>✓ Added a command-line interface</li>
<li>✓ Use Debian 11 as the base for the AppImage instead of Debian 10</li>
<li>✓ Include software rendering DLLs in the Paranoid Pack for future proofing</li>
<li>✓ Add plausible deniability and recursive encryption</li>
<li>✓ Added an installer for Windows (made using Inno Setup)</li>
</ul>
# v1.31 (Released 11/18/2022)
<ul>
<li>✓ Force software OpenGL rendering on macOS</li>
<li>✓ Use native clipboard APIs instead of external package (removes need for xclip)</li>
<li>✓ Revert using system temporary folder due to size issues</li>
</ul>
# v1.30 (Released 09/24/2022)
<ul>
<li>✓ Improve tooltip word choice</li>
<li>✓ Add FAQ to README</li>
<li>✓ Fix scaling issue when moving between monitors with different DPIs (on Windows)</li>
<li>✓ Strip periods from custom output filename to prevent file extension problems</li>
<li>✓ Minor tweaks to keyfile modal</li>
<li>✓ Use temporary .zip file to prevent overwriting when encrypting</li>
<li>✓ Check if files already exist when recombining and splitting to prevent overwriting</li>
<li>✓ Show ".*" in the output box if splitting</li>
<li>✓ Skip temporary and inaccessible files when combining/compressing</li>
<li>✓ Improve file scanning performance by precomputing total size</li>
<li>✓ Stability improvements and fixes for edge cases</li>
<li>✓ Check for clipboard support on Linux</li>
</ul>
# v1.29 (Released 05/23/2022)
<ul>
<li>✓ Review/improve Internals.md</li>
<li>✓ Add option to compress when encrypting a single file</li>
<li>✓ Check for errors when not enough disk space</li>
<li>✓ Show MiB/GiB instead of M/G in the input label to prevent confusion</li>
<li>✓ Minor consistency improvements</li>
</ul>
# v1.28 (Released 05/16/2022)
<ul>
<li>✓ Fix bug when decrypting a splitted volume with a custom output name and "Delete files" selected</li>
<li>✓ Improve responsiveness of cancel button (instant cancel when pressed instead of delays)</li>
<li>✓ Software OpenGL rendering on Windows (for Windows on ARM compatibility and older hardware)</li>
<li>✓ Progress, speed, and ETA for combining/compressing files, recombining files, and splitting files</li>
<li>✓ Improve overall IO performance</li>
<li>✓ Much smoother Reed-Solomon decryption flow, slightly better performance</li>
<li>✓ Major code cleanups and organizing</li>
<li><i>Much better</i> file permission handling</li>
<li>✓ Numerous minor fixes and improvements</li>
<li>✓ Improve Reed-Solomon performance (only rebuild data if corruption is detected)</li>
<li>`gofmt` and `go mod tidy` all dependencies</li>
<li>✓ Fix bad pointer issue when running with `-race`</li>
<li>✓ Fix focus bug where input boxes are not cleared if they are focused when file is dropped</li>
<li>✓ Fix bug on Windows where copying from the password field using Ctrl+C and then pasting with the "Paste" button would cause a crash</li>
<li>✓ Make sure at least one password characters category is checked when generating</li>
<li>✓ Use `desktop-file-validate` to find and remove deprecated fields and fix invalid ones in the .desktop for .deb and AppImage</li>
<li>✓ .deb and AppImage optimizations, reliability improvements</li>
<li>✓ Snapcraft uses software OpenGL rendering as well now</li>
<li>✓ Statically linked libc6, etc. for best cross-platform compatibility for Snapcraft</li>
<li>✓ Added NO_AT_BRIDGE=1 to Snapcraft to fix an issue on Arch Linux (#75)</li>
<li>✓ Clean up unnecessary files in dependencies</li>
<li>✓ Sign executables with OpenPGP</li>
</ul>
# v1.27 (Released 05/02/2022)
<ul>
<li>✓ Input validation for split size</li>
<li>✓ Ability to split into a custom number of total chunks in addition to by size</li>
<li>✓ Fix issue with long comments</li>
<li>✓ Deprecate Snapcraft and provide a .deb and AppImage instead</li>
</ul>
# v1.26 (Released 04/18/2022)
<ul>
<li>✓ Fix a race condition</li>
<li>✓ Fix invalid pointer crash when decrypting files >256GB</li>
<li>✓ UI improvements and tweaks</li>
<li>✓ Fix crash on Windows when saving to the root directory of a drive</li>
<li>✓ Max file size limit removed! Picocrypt can now encrypt files of unlimited size instead of being capped at 256 GiB</li>
<li>✓ Shows total input size along with input label</li>
<li>✓ Update to GLFW 3.3.6 for better stability</li>
</ul>
# v1.25 (Released 04/13/2022)
<ul>
<li>✓ Improve Internals documentation (header format, etc.)</li>
<li>✓ Save as and keyfile file dialog now opens in the same directory as dropped files</li>
<li>✓ Improvements for long file names</li>
<li>✓ Minor UI improvements and fixes</li>
</ul>
# v1.24 (Released 04/02/2022)
<ul>
<li>✓ Fixed layout bug that allowed scrolling within window</li>
<li>✓ Optimize dependencies</li>
<li>✓ Numerous code and UI optimizations, including better comments</li>
<li>✓ Keyfile modal will recenter automatically upon dropping a keyfile</li>
<li>✓ Fix modals moving around randomly when open and closed numerous times</li>
<li>✓ Fixed: Progressbar modal moves around weirdly sometimes</li>
<li>✓ Better error handling</li>
<li>✓ Show compression speed and percentage</li>
<li>✓ Smoothen splitting file and recombing file progress bars</li>
<li>✓ Finish adding tooltips</li>
</ul>
# v1.23 (Released 03/19/2022)
<ul>
<li>✓ Removed the checksum generator to get back on track with original Picocrypt ideology</li>
<li>✓ Cleaned up and optimized code</li>
<li>✓ Compiled with MinGW GCC11 instead of TDM-GCC, Go 1.18 instead of Go 1.17</li>
<li>✓ Picocrypt no longer checks for new versions, so no network requests are ever made</li>
</ul>
# v1.22 (Released 12/22/2021)
<ul>
<li>✓ Remove fast mode, as a change for the normal mode will make fast mode obselete</li>
<li>✓ For normal mode, change HMAC-SHA3 to a keyed Blake2b</li>
</ul>
# v1.21 (Released 11/19/2021)
<ul>
<li>✓ Remove file shredder because it won't be very effective in the future</li>
<li>✓ Fix minor temporary file bug</li>
<li>✓ Improve decryption UI</li>
</ul>
# v1.20 (Released 11/12/2021)
<ul>
<li>✓ Fix keyfile modal UI layout</li>
<li>✓ Fix keyfile modal typo</li>
<li>✓ Fix minor keyfile bug</li>
<li>✓ Improve shredding window layout</li>
<li>✓ Fork all dependencies and recursive dependencies into "offline" repos for hardening and better stability</li>
<li>✓ Fix UI scaling issues</li>
<li>✓ Fix high DPI layout issues</li>
<li>✓ Optimize zip compressor</li>
</ul>
# v1.19 (Released 09/26/2021)
<ul>
<li>✓ UI scaling hotfix</li>
</ul>
# v1.18 (Released 09/24/2021)
<ul>
<li>✓ Make UI more consistent (minor DPI issues)</li>
<li>✓ Fix crashing when OS denies permission to access file</li>
<li>✓ Fixed bug where file object was not closed properly</li>
<li>✓ Encryption/decryption file naming and extension bugs</li>
<li>✓ Many fixes, optimizations, and linting</li>
</ul>
# v1.17 (Released 09/04/2021)
<ul>
<li>✓ (abandoned due to UI issues with ASCII codes >128) Extended ASCII set in password generator</li>
<li>✓ Tooltips for all advanced options</li>
<li>✓ Localization support (use system default where possible)</li>
<li>✓ Auto detect system locale, fallback to English</li>
<li>✓ Fix ETA negative number bug</li>
<li>✓ Add clear button to password field</li>
<li>✓ Multiple keyfiles support and DND</li>
<li>✓ Option to require specific keyfile order</li>
<li>✓ Keyfile generator</li>
<li>✓ Bug: Red error label shown in main window during successful decryption after selecting incorrect keyfiles</li>
<li>✓ Prevent duplicate keyfile</li>
<li>✓ Add a select keyfile button</li>
<li>✓ Make sure only one of "Fast mode" and "Paranoid mode" can be enabled</li>
<li>✓ Fix bug where metadata says "read-only", but the textbox is modifiable</li>
<li>✓ Add option to delete encrypted files after decryption</li>
</ul>
<strong>Note: v1.17 will be incompatible with all previous releases!</strong>
# v1.16 (Released 08/11/2021)
<ul>
<li>✓ Fixed bug when entering a wrong password when decrypting a splitted file</li>
<li>✓ Fixed bug where an existing file is delete when a wrong password is used</li>
<li>✓ The password generator is now customizable</li>
<li>✓ Make keyfile support more reliable (keyfile now out of Beta)</li>
<li>✓ Fix keyfile user flow issue</li>
<li>✓ Bug fixes</li>
<li>✓ UI fixes improvements</li>
</ul>
# v1.15 (Released 08/09/2021)
<ul>
<li>✓ Add cancel button to file shredder and custom number of passes</li>
<li>✓ Password generator</li>
<li>✓ Make password strength circle start at top</li>
<li>✓ Fix shredder UI bugs</li>
</ul>
# v1.14 (Released 08/07/2021)
<ul>
<li>✓ Low-severity security fix for the recently discovered partitioning oracle attacks</li>
<li>✓ Move from Monocypher to Go's standard supplemental ChaCha20 in favour of the latter being stateful</li>
<li>✓ Add SHA3 (normal mode) and BLAKE2b (fast mode) as HMAC to replace Poly1305 and prevent partitioning oracle attacks</li>
<li>✓ Removed ~100 lines of unnecessary code now that Picocrypt uses Go's ChaCha20 (cleaner and stabler code)</li>
<li>✓ Added window icons</li>
<li>✓ Switch to a new Reed-Solomon encoder that automatically corrects errors</li>
<li>✓ Add a "Paranoid mode", which will use the Serpent cipher in addition to XChaCha20</li>
<li>✓ Cleaner code with plenty of comments for people taking a look</li>
<li>✓ Metadata is now Reed-Solomon encoded (everything bit of header data is now RS-encoded for redundancy)</li>
<li>✓ Reed-Solomon checkbox is now enabled and Reed-Solomon works</li>
<li>✓ Implemented Dropbox's zxcvbn password strength checker</li>
<li>✓ Removed paranoid shredding as it is too hard to implement correctly and not cross platform</li>
<li>✓ Fixed Windows zip extract error notice that doesn't appear in 7-Zip (edit: it was a backslash issue)</li>
<li>✓ Optional shred temporary files checkbox</li>
<li>✓ Remove BLAKE3 from the checksum generator tab, as it has no practical use and requires a non-standard library</li>
<li>✓ Advanced options are shown dynamically depending on whether encrypting or decrypting</li>
<li>✓ Window closing disabled during encryption/decryption/shredding to prevent leakage of temporary files</li>
<li>✓ Reduce padding of metadataLength from 10 to 5 (you probably won't type more than 99999 metadata characters)</li>
<li>✓ Use regex to check if an input file is a valid Picocrypt volume or not during decryption</li>
<li>✓ Improved user flow as well as fix UI bugs</li>
<li>✓ Code optimizations</li>
<li>✓ Many bug fixes/stability improvments</li>
</ul>
<strong>Note: v1.14 will be incompatible with all previous releases!</strong>
# v1.13 (Released 5/29/2021)
<ul>
<li>✓ Picocrypt has been ported from Python to Go, thus completely rewritten</li>
<li>✓ Added fast mode, which can achieve ~250MB/s</li>
<li>✓ Added file shredder and file checksum generator</li>
<li>✓ Automatically checks for newer versions</li>
<li>✓ Added file chunking support</li>
</ul>
<strong>Note: v1.13 will be incompatible with all previous releases!</strong>
# v1.12.1 (Released 04/11/2021)
<ul>
<li>✓ Fixed a bug that caused "Secure wipe" feature to show "Unknown error" when done</li>
</ul>
# v1.12 (Released 04/07/2021)
<ul>
<li>✓ Beautiful UI</li>
<li>✓ More than x2 as fast as previous versions</li>
<li>✓ Add cancel button to cancel encryption/decryption</li>
<li>✓ (Bug) Delete existing file only if password is correct</li>
<li>✓ Minor aesthetic fixes</li>
<li>✓ Complete rewrite from scratch, to ensure reliability and security</li>
<li>✓ Better anti-corruption (re-defined header format)</li>
<li>✓ Switch to Argon2d instead Argon2id for better security</li>
<li>✓ Switch from SHA3 to BLAKE3 for corruption check</li>
<li>✓ Better user flow</li>
</ul>
<strong>Note: v1.12 will be incompatible with all previous releases!</strong>
# v1.11 (Released 03/23/2021)
<ul>
<li>✓ Much more secure wipe via <code>sdelete64</code> for Windows, <code>shred</code> for Linux, and <code>rm -P</code> for MacOS</li>
<li>✓ Much more beautiful UI for macOS</li>
<li>✓ Robust secure wipe support for drag and dropped files/folders</li>
<li>✓ Only open input files in read mode, since write mode is unnecessary</li>
<li>✓ Clean up source code, add better comments</li>
<li>✓ Drag and drop support (multiple files, a folder, a file and a folder, etc.)</li>
</ul>

58
Internals.md Normal file
View file

@ -0,0 +1,58 @@
# Internals
If you're wondering about how Picocrypt handles cryptography, you've come to the right place! This page contains the technical details about the cryptographic algorithms and parameters used, as well as how cryptographic values are stored in the header format.
# Core Cryptography
Picocrypt uses the following cryptographic primitives:
- XChaCha20 (cascaded with Serpent in counter mode for paranoid mode)
- Keyed-BLAKE2b for normal mode, HMAC-SHA3 for paranoid mode (256-bit key, 512-bit digest)
- HKDF-SHA3 for deriving a subkey for the MAC above, as well as a key for Serpent
- Argon2id:
- Normal mode: 4 passes, 1 GiB memory, 4 threads
- Paranoid mode: 8 passes, 1 GiB memory, 8 threads
All primitives used are from the well-known [golang.org/x/crypto](https://pkg.go.dev/golang.org/x/crypto) module.
# Counter Overflow
Since XChaCha20 has a max message size of 256 GiB, Picocrypt will use the HKDF-SHA3 mentioned above to generate a new nonce for XChaCha20 and a new IV for Serpent if the total encrypted data is more than 60 GiB. While this threshold can be increased up to 256 GiB, Picocrypt uses 60 GiB to prevent any edge cases with blocks or the counter used by Serpent.
# Header Format
A Picocrypt volume's header is encoded with Reed-Solomon by default since it is, after all, the most important part of the entire file. An encoded value will take up three times the size of the unencoded value.
**All offsets and sizes below are in bytes.**
| Offset | Encoded size | Decoded size | Description
| ------ | ------------ | ------------ | -----------
| 0 | 15 | 5 | Version number (ex. "v1.15")
| 15 | 15 | 5 | Length of comments, zero-padded to 5 bytes
| 30 | 3C | C | Comments with a length of C characters
| 30+3C | 15 | 5 | Flags (paranoid mode, use keyfiles, etc.)
| 45+3C | 48 | 16 | Salt for Argon2
| 93+3C | 96 | 32 | Salt for HKDF-SHA3
| 189+3C | 48 | 16 | IV for Serpent
| 237+3C | 72 | 24 | Nonce for XChaCha20
| 309+3C | 192 | 64 | SHA3-512 of encryption key
| 501+3C | 96 | 32 | SHA3-256 of keyfile key
| 597+3C | 192 | 64 | Authentication tag (BLAKE2b/HMAC-SHA3)
| 789+3C | | | Encrypted contents of input data
# Keyfile Design
Picocrypt allows the use of keyfiles as an additional form of authentication. Picocrypt's unique "Require correct order" feature enforces the user to drop keyfiles into the window in the same order as they did when encrypting in order to decrypt the volume successfully. Here's how it works:
If correct order is not required, Picocrypt will take the SHA3-256 of each keyfile individually and XOR the hashes together. Finally, the result is XORed with the master key. Because the XOR operation is both commutative and associative, the order in which the keyfile hashes are XORed with each other doesn't matter - the end result is the same.
If correct order is required, Picocrypt will concatenate the keyfiles together in the order they were dropped into the window and take the SHA3-256 of the combined keyfiles. If the order is not correct, the keyfiles, when appended to each other, will result in a different file, and thus a different hash. So, the correct order of keyfiles is required to decrypt the volume successfully.
# Reed-Solomon
By default, all Picocrypt volume headers are encoded with Reed-Solomon to improve resiliency against bit rot. The header uses N+2N encoding, where N is the size of a particular header field such as the version number, and 2N is the number of parity bytes added. Using the Berlekamp-Welch algorithm, Picocrypt is able to automatically detect and correct up to 2N/2=N broken bytes.
If Reed-Solomon is to be used with the input data itself, the data will be encoded using 128+8 encoding, with the data being read in 1 MiB chunks and encoded in 128-byte blocks, and the final block padded to 128 bytes using PKCS#7.
To address the edge case where the final 128-byte block happens to be padded so that it completes a full 1 MiB chunk, a flag is used to distinguish whether the last 128-byte block was padded originally or if it is just a full 128-byte block of data.
# Deniability
Plausible deniability in Picocrypt is achieved by simply re-encrypting the volume but without storing any identifiable header data. A new Argon2 salt and XChaCha20 nonce will be generated and stored in the deniable volume, but since both values are random, they don't reveal anything. A deniable volume will look something like this:
```
[argon2 salt][xchacha20 nonce][encrypted stream of bytes]
```
# Just Read the Code
Picocrypt is a very simple tool and only has one source file. The source Go file is just 2K lines and a lot of the code is dealing with the UI. The core cryptography code is only about 1K lines of code, and even so, a lot of that code deals with the UI and other features of Picocrypt. So if you need more information about how Picocrypt works, just read the code. It's not long, and it is well commented and will explain what happens under the hood better than a document can.

193
README.md Normal file
View file

@ -0,0 +1,193 @@
<p align="center"><img align="center" src="/images/logo.svg" width="512" alt="Picocrypt"></p>
Picocrypt is a very small (hence <i>Pico</i>), very simple, yet very secure encryption tool that you can use to protect your files. It's designed to be the <i>go-to</i> tool for encryption, with a focus on security, simplicity, and reliability. Picocrypt uses the secure XChaCha20 cipher and the Argon2id key derivation function to provide a high level of security, even from three-letter agencies like the NSA. <strong>Your privacy and security is under attack. Take it back with confidence by protecting your files with Picocrypt.</strong>
<br>
<p align="center"><img align="center" src="/images/screenshot.png" width="318" alt="Picocrypt"></p>
# Funding
**Please donate to Picocrypt on <a href="https://opencollective.com/picocrypt">Open Collective</a> (crypto is accepted) to raise money for a security audit from Cure53. Because this is a project that I spend many hours on and make no money from, I cannot pay for an audit myself. <i>Picocrypt needs support from its community.**</i>
# Downloads
**Important**: There are multiple entities under the name "Picocrypt". For example, there's an old encryption tool called PicoCrypt that uses a broken cipher. There's also an ERC-funded research project called PICOCRYPT. There are even domains related to Picocrypt that I've never registered like picocrypt.com and picocrypt.org. Please don't confuse any of these unrelated (and potentially malicious) projects/domains with Picocrypt (this project). **Make sure to only download Picocrypt from this repository** to ensure that you get the authentic and backdoor-free Picocrypt. When sharing Picocrypt with others, be sure to link to this repository to prevent any confusion.
**Beware of picocrypt.org, which claims to be the official website for this project! Remember, there is no official website for Picocrypt.** Even if this self-proclaimed website is taken down, I will not remove this message; let it be a real-world warning to stay vigilant.
## Windows
Picocrypt for Windows is as simple as it gets. To download the latest, standalone, and portable executable for Windows, click <a href="https://github.com/HACKERALERT/Picocrypt/releases/download/1.33/Picocrypt.exe">here</a>. If Microsoft Defender or your antivirus flags Picocrypt as a virus, please do your part and submit it as a false positive for the betterment of everyone.
If you use Picocrypt frequently, you can also download the installable version from <a href="https://github.com/HACKERALERT/Picocrypt/releases/download/1.33/Installer.exe">here</a>, which will install Picocrypt onto your system and add it to your start menu for easy access. The installer also includes extra compatibility helpers, so if the portable executable doesn't work, this likely will.
## macOS
Picocrypt for macOS is very simple as well. Download Picocrypt for Apple silicon <a href="https://github.com/HACKERALERT/Picocrypt/releases/download/1.34/Picocrypt-arm64.dmg">here</a>, open the container, and drag Picocrypt to your Downloads or Applications. If you can't open Picocrypt because it's not from a verified developer, control-click on Picocrypt and hit Open to bypass the warning. If the app appears to be "damaged" and can't be opened, try manually trusting it from a terminal:
```
xattr -d com.apple.quarantine /Applications/Picocrypt.app
```
Note that Picocrypt requires OpenGL, and may not work in the future if Apple removes it.
## Linux
To use Picocrypt on Linux, you can download the raw binary <a href="https://github.com/HACKERALERT/Picocrypt/releases/download/1.34/Picocrypt">here</a>. Alternatively, you can try the <a href="https://snapcraft.io/picocrypt">Snap</a>, run Picocrypt through Wine, or compile from source using the instructions in the `src/` directory.
## CLI
A command-line interface is available for Picocrypt <a href="/cli/v2/picocrypt">here</a>. It can encrypt and decrypt files, folders, and globs, and supports paranoid mode and Reed-Solomon encoding. You can use it on systems that don't have a GUI or can't run the GUI app, or to write automated shell scripts for backups, etc.
## Web
A web interface for Picocrypt is available <a href="https://picocrypt.pages.dev/">here</a>, allowing you to use a lite version of Picocrypt on any device. Keep in mind that its functionality is very limited and you won't be able to use any advanced features or encrypt large files. It is also quite slow compared to the native app.
## Paranoid Pack
The Paranoid Pack is a compressed archive that contains executables for Windows, macOS, and Linux, including the source code and dependencies. As long as you have it stored in a place you can access, you'll be able to open it and use Picocrypt on any desktop operating system in case this repository mysteriously vanishes or the entire Internet burns down. Think of it as a seed vault for Picocrypt; as long as one person has the Paranoid Pack within reach, they can share it with the rest of the world and keep Picocrypt functional in case of catastrophic events. The best way to ensure Picocrypt is accessible many decades from now is to keep a Paranoid Pack in a safe place. Get your copy <a href="https://github.com/HACKERALERT/Picocrypt/releases/download/1.33/Paranoid.zip">here</a>.
# Why Picocrypt?
Why should you use Picocrypt instead of VeraCrypt, 7-Zip, BitLocker, or Cryptomator? Here are a few reasons why you should choose Picocrypt:
<ul>
<li>Unlike BitLocker and most cloud services, Picocrypt and its dependencies are completely open-source and auditable. You can verify for yourself that there aren't any backdoors or flaws.</li>
<li>Picocrypt is <i>tiny</i>. While Cryptomator is over 50 MiB and VeraCrypt is over 20 MiB, Picocrypt sits at just 3 MiB, about the size of a medium-resolution photo. And that's not all - Picocrypt is portable (doesn't need to be installed) and doesn't require administrator/root privileges.</li>
<li>Picocrypt is easier and more productive to use than VeraCrypt. To encrypt files with VeraCrypt, you'd have to spend a minute or two just setting up a volume. With Picocrypt's simple UI, all you have to do is drag and drop your files, enter a password, and hit Encrypt. All the complex procedures are handled by Picocrypt internally. Who said secure encryption can't be simple?</li>
<li>Picocrypt is designed for security. 7-Zip is an archive utility and not an encryption tool, so its focus is not on security. Picocrypt, however, is built with security as the number one priority. Every part of Picocrypt exists for a reason and anything that could impact the security of Picocrypt is removed. Picocrypt is built with cryptography you can trust.</li>
<li>Picocrypt authenticates data in addition to protecting it, preventing hackers from maliciously modifying sensitive data. This is useful when you are sending encrypted files over an insecure channel and want to be sure that it arrives untouched.</li>
<li>Picocrypt actively protects header data from corruption by adding extra Reed-Solomon parity bytes, so if part of a volume's header (which contains important cryptographic components) corrupts (e.g., hard drive bit rot), Picocrypt can still recover the header and decrypt your data with a high success rate. Picocrypt can also encode the entire volume with Reed-Solomon to prevent any corruption to your important files.</li>
</ul>
# Comparison
Here's how Picocrypt compares to other popular encryption tools.
| | Picocrypt | VeraCrypt | 7-Zip GUI | BitLocker | Cryptomator |
| -------------- | -------------- | -------------- | -------------- | -------------- | -------------- |
| Free |✅ Yes |✅ Yes |✅ Yes |✅ Bundled |✅ Yes |
| Open Source |✅ GPLv3 |✅ Multi |✅ LGPL |❌ No |✅ GPLv3 |
| Cross-Platform |✅ Yes |✅ Yes |❌ No |❌ No |✅ Yes |
| Size |✅ 3 MiB |❌ 20 MiB |✅ 2 MiB |✅ N/A |❌ 50 MiB |
| Portable |✅ Yes |✅ Yes |❌ No |✅ Yes |❌ No |
| Permissions |✅ None |❌ Admin |❌ Admin |❌ Admin |❌ Admin |
| Ease-Of-Use |✅ Easy |❌ Hard |✅ Easy |✅ Easy |🟧 Medium |
| Cipher |✅ XChaCha20 |✅ AES-256 |✅ AES-256 |🟧 AES-128 |✅ AES-256 |
| Key Derivation |✅ Argon2 |🟧 PBKDF2 |❌ SHA-256 |❓ Unknown |✅ Scrypt |
| Data Integrity |✅ Always |❌ No |❌ No |❓ Unknown |✅ Always |
| Deniability |✅ Supported |✅ Supported |❌ No |❌ No |❌ No |
| Reed-Solomon |✅ Yes |❌ No |❌ No |❌ No |❌ No |
| Compression |✅ Yes |❌ No |✅ Yes |✅ Yes |❌ No |
| Telemetry |✅ None |✅ None |✅ None |❓ Unknown |✅ None |
| Audited |❌ [Donate](https://opencollective.com/picocrypt) |✅ Yes |❌ No |❓ Unknown |✅ Yes |
Keep in mind that while Picocrypt does most things better than other tools, it's not a one-size-fits-all and doesn't try to be. There are use cases such as full-disk encryption where VeraCrypt and BitLocker would be a better choice. So while Picocrypt is a great choice for the majority of people, you should still do your own research and use what's best for you.
# Features
Picocrypt is a very simple tool, and most users will intuitively understand how to use it in a few seconds. On a basic level, simply dropping your files, entering a password, and hitting Encrypt is all that's needed to encrypt your files. Dropping the output back into Picocrypt, entering the password, and hitting Decrypt is all that's needed to decrypt those files. Pretty simple, right?
While being simple, Picocrypt also strives to be powerful in the hands of knowledgeable and advanced users. Thus, there are some additional options that you may use to suit your needs.
<ul>
<li><strong>Password generator</strong>: Picocrypt provides a secure password generator that you can use to create cryptographically secure passwords. You can customize the password length, as well as the types of characters to include.</li>
<li><strong>Comments</strong>: Use this to store notes, information, and text along with the file (it won't be encrypted). For example, you can put a description of the file you're encrypting before sending it to someone. When the person you sent it to drops the file into Picocrypt, your description will be shown to that person.</li>
<li><strong>Keyfiles</strong>: Picocrypt supports the use of keyfiles as an additional form of authentication (or the only form of authentication). Any file can be used as a keyfile, and a secure keyfile generator is provided for convenience. Not only can you use multiple keyfiles, but you can also require the correct order of keyfiles to be present for a successful decryption to occur. A particularly good use case of multiple keyfiles is creating a shared volume, where each person holds a keyfile, and all of them (and their keyfiles) must be present to decrypt the shared volume. By checking the "Require correct order" box and dropping your keyfile in last, you can also ensure that you'll always be the one clicking the Decrypt button.</li>
<li><strong>Paranoid mode</strong>: Using this mode will encrypt your data with both XChaCha20 and Serpent in a cascade fashion, and use HMAC-SHA3 to authenticate data instead of BLAKE2b. Argon2 parameters will be increased significantly as well. This is recommended for protecting top-secret files and provides the highest level of practical security attainable. For a hacker to break into your encrypted data, both the XChaCha20 cipher and the Serpent cipher must be broken, assuming you've chosen a good password. It's safe to say that in this mode, your files are impossible to crack. Keep in mind, however, that this mode is slower and isn't really necessary unless you're a government agent with classified data or a whistleblower under threat.</li>
<li><strong>Reed-Solomon</strong>: This feature is very useful if you are planning to archive important data on a cloud provider or external medium for a long time. If checked, Picocrypt will use the Reed-Solomon error correction code to add 8 extra bytes for every 128 bytes of data to prevent file corruption. This means that up to ~3% of your file can corrupt and Picocrypt will still be able to correct the errors and decrypt your files with no corruption. Of course, if your file corrupts very badly (e.g., you dropped your hard drive), Picocrypt won't be able to fully recover your files, but it will try its best to recover what it can. Note that this option will slow down encryption and decryption speeds significantly.</li>
<li><strong>Force decrypt</strong>: Picocrypt automatically checks for file integrity upon decryption. If the file has been modified or is corrupted, Picocrypt will automatically delete the output for the user's safety. If you would like to override these safeguards, check this option. Also, if this option is checked and the Reed-Solomon feature was used on the encrypted volume, Picocrypt will attempt to recover as much of the file as possible during decryption.</li>
<li><strong>Split into chunks</strong>: Don't feel like dealing with gargantuan files? No worries! With Picocrypt, you can choose to split your output file into custom-sized chunks, so large files can become more manageable and easier to upload to cloud providers. Simply choose a unit (KiB, MiB, GiB, or TiB) and enter your desired chunk size for that unit. To decrypt the chunks, simply drag one of them into Picocrypt and the chunks will be automatically recombined during decryption.</li>
<li><strong>Compress files</strong>: By default, Picocrypt uses a zip file with no compression to quickly merge files together when encrypting multiple files. If you would like to compress these files, however, simply check this box and the standard Deflate compression algorithm will be applied during encryption.</li>
<li><strong>Deniability</strong>: Picocrypt volumes typically follow an easily recognizable header format. However, if you want to hide the fact that you are encrypting your files, enabling this option will provide you with plausible deniability. The output volume will indistinguishable from a stream of random bytes, and no one can prove it is a volume without the correct password. This can be useful in an authoritarian country where the only way to transport your files safely is if they don't "exist" in the first place. Keep in mind that this mode slows down encryption and decryption speeds, requires you to manually rename the volume afterward, renders comments useless, and also voids the extra security precautions of the paranoid mode, so you should only use it if absolutely necessary.</li>
<li><strong>Recursively</strong>: If you want to encrypt and/or decrypt a large set of files individually, this option will tell Picocrypt to go through every recursive file that you drop in and encrypt/decrypt it separately. This is useful, for example, if you are encrypting thousands of large documents and want to be able to decrypt any one of them in particular without having to download and decrypt the entire set of documents. Keep in mind that this is a very complex feature that should only be used if you know what you are doing.</li>
</ul>
# Security
For more information on how Picocrypt handles cryptography, see <a href="Internals.md">Internals</a> for the technical details. If you're worried about the safety of me or this project, let me assure you that this repository won't be hijacked or backdoored. I have 2FA (TOTP) enabled on all accounts with a tie to Picocrypt (GitHub, Reddit, Google, etc.), in addition to full-disk encryption on all of my portable devices. For further hardening, Picocrypt uses my isolated forks of dependencies and I fetch upstream only when I have taken a look at the changes and believe that there aren't any security issues. This means that if a dependency gets hacked or deleted by the author, Picocrypt will be using my fork of it and remain completely unaffected. You can feel confident about using Picocrypt.
## Signatures
For the paranoid, Picocrypt is signed with PGP. The fingerprint and public key are listed below.
<pre>B342A744BDEEA57B6A583E33A247E73798946F55</pre>
<pre>-----BEGIN PGP PUBLIC KEY BLOCK-----
mDMEYoGUHxYJKwYBBAHaRw8BAQdAvmQA+pdbDB/ynJxHhNDpz6Sb5tgkNuuNJIvw
HYwZtqi0CVBpY29jcnlwdIiTBBMWCgA7FiEEs0KnRL3upXtqWD4zokfnN5iUb1UF
AmKBlB8CGwMFCwkIBwICIgIGFQoJCAsCBBYCAwECHgcCF4AACgkQokfnN5iUb1UZ
RgEA8jbIsdqCr21DWxcqW/eLlbxRkuA8kflVYvWWUxtVqsUA/jQPSDpvA8rakvaL
PIbXjQvrAMkEVIc0HbCzLxr1k3sH
=YFwz
-----END PGP PUBLIC KEY BLOCK-----</pre>
# Community
Keep an eye on <a href="https://www.reddit.com/r/Picocrypt/">r/Picocrypt</a>. While I won't be active in this subreddit myself, it's still a great place to ask questions and help one another out, especially if something happens to me or this repository in the future. Remember to only trust this specific subreddit and be aware of hackers that might try to impersonate me on other platforms. I will never ask you for your password, and anyone who does is not me. I will never tell you to download a file from a suspicious link, and anyone who does is not me.
# Donations
When I was actively developing Picocrypt, I accepted donations, but now that Picocrypt is complete and production-ready, there's no need anymore. Instead, take your time and effort to share the love of Picocrypt with others. Donations are nice, but being able to help others is a lot more valuable to me than a few spare dollars. Knowing that Picocrypt is helping people secure their files is plenty enough for me.
# FAQ
**Is Picocrypt accepting new features?**
No, Picocrypt is considered feature-complete and won't be getting any new features. Unlike other tools which try to constantly add new features (which introduces new bugs and security holes), Picocrypt focuses on just a few core features but does each of them exceptionally well. Remember Picocrypt's ideology: small, simple, and secure.
**Will Android/iOS be supported?**
No, I don't plan on supporting Android or iOS because they are very different from traditional desktop operating systems and require different toolchains to develop apps for. Due to the nature of open-source software, however, a community-built version of Picocrypt for Android or iOS may appear in the future.
**Why is Picocrypt not updated frequently?**
People seem to have the notion that software must be constantly updated to stay relevant and secure. While this may be true for a lot of the software we use today, it is not for Picocrypt. Picocrypt is "good software" and good software doesn't need constant updates to remain relevant and secure. Good software will always be good software.
**Does the "Delete files" feature shred files?**
No, it doesn't shred any files and just deletes them as your file manager would. On modern storage mediums like SSDs, there is no such thing as shredding a file since wear leveling makes it impossible to overwrite a particular sector. Thus, to prevent giving users a false sense of security, Picocrypt doesn't include any shredding features at all.
**Is Picocrypt quantum-secure?**
Yes, Picocrypt is secure against quantum computers. All of the cryptography used in Picocrypt works off of a private key, and private-key cryptography is considered to be resistant against all current and future developments, including quantum computers.
# Acknowledgements
A thank you from the bottom of my heart to the significant contributors on Open Collective:
<ul>
<li>donor39 (backer)</li>
<li>Pokabu (backer)</li>
<li>akp (backer)</li>
<li>Marvin (backer)</li>
<li>Kenichi Nakasaka (backer)</li>
<li>EN (backer)</li>
<li>JC (backer)</li>
<li>Guest ($842)</li>
<li>YellowNight ($818)</li>
<li>evelian ($50)</li>
<li>jp26 ($50)</li>
<li>guest-116103ad ($50)</li>
<li>Guest ($27)</li>
<li>oli ($20)</li>
<li>Bright ($20)</li>
<li>Incognito ($20)</li>
<li>Guest ($20)</li>
<li>Markus ($15)</li>
<li>Tybbs ($10)</li>
<li>N. Chin ($10)</li>
<li>Manjot ($10)</li>
<li>Phil P. ($10)</li>
<li>Raymond ($10)</li>
<li>Cohen ($10)</li>
<li>EuA ($10)</li>
<li>geevade ($10)</li>
<li>Guest ($10)</li>
<li>Hilebrinest ($10)</li>
<li>gabu.gu ($10)</li>
<li>Boat ($10)</li>
<li>Guest ($10)</li>
</ul>
<!-- Last updated April 16, 2024 -->
Also, a huge thanks to the following people who were the first to donate and support Picocrypt:
<ul>
<li>W.Graham</li>
<li>N. Chin</li>
<li>Manjot</li>
<li>Phil P.</li>
<li>E. Zahard</li>
</ul>
Finally, thanks to these people/organizations for helping me out when needed:
<ul>
<li>[ REDACTED ] for helping me create an AppImage for Picocrypt</li>
<li>u/Upstairs-Fishing867 for helping me test PGP signatures</li>
<li>u/greenreddits for constant feedback and support</li>
<li>u/Tall_Escape for helping me test Picocrypt</li>
<li>u/NSABackdoors for doing plenty of testing</li>
<li>@samuel-lucas6 for feedback, suggestions, and support</li>
<li>@AsuxAX and @Minibus93 for testing new features</li>
<li>@mdanish-kh and @stephengillie for WinGet package</li>
<li><a href="https://privacyguides.org">PrivacyGuides</a> for listing Picocrypt</li>
</ul>

BIN
images/key.icns Normal file
View file

Binary file not shown.

BIN
images/key.ico Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 26 KiB

1
images/key.svg Normal file
View file

@ -0,0 +1 @@
<svg xmlns="http://www.w3.org/2000/svg" width="140" height="140" overflow="hidden"><defs><clipPath id="A"><path d="M143 118h140v140H143z"/></clipPath><linearGradient x1="143" y1="188" x2="283" y2="188" gradientUnits="userSpaceOnUse" spreadMethod="pad" id="B"><stop offset="0" stop-color="#00f2fe"/><stop offset=".021" stop-color="#03effe"/><stop offset=".293" stop-color="#24d2fe"/><stop offset=".554" stop-color="#3cbdfe"/><stop offset=".796" stop-color="#4ab0fe"/><stop offset="1" stop-color="#4facfe"/></linearGradient></defs><g clip-path="url(#A)" transform="translate(-143 -118)"><path d="M233.781 156.296c0-4.832 3.918-8.75 8.75-8.75a8.75 8.75 0 1 1 0 17.5 8.75 8.75 0 0 1-8.75-8.75zM178 252.513v-9.844h9.844a5.47 5.47 0 0 0 5.468-5.469v-9.843h9.844a5.47 5.47 0 0 0 5.469-5.469 5.47 5.47 0 0 0-5.469-5.469h-15.312a5.47 5.47 0 0 0-5.469 5.469v9.844h-9.844a5.47 5.47 0 0 0-5.469 5.469v9.843h-13.124v-16.328l48.494-48.495a5.47 5.47 0 0 0 .809-6.704 88.53 88.53 0 0 1-5.174-9.922c-1.804-4.058-.885-8.906 2.288-12.063l21.475-21.375c3.065-3.051 7.659-4.024 11.702-2.479 6.35 2.427 15.501 6.894 23.039 14.397 7.584 7.548 12.201 16.834 14.738 23.296a10.86 10.86 0 0 1-2.451 11.672l-21.735 21.633c-3.164 3.15-7.889 4.07-12.035 2.346-3.42-1.423-6.732-3.112-9.844-5.022a5.47 5.47 0 0 0-7.521 1.8 5.47 5.47 0 0 0 1.8 7.522c3.596 2.207 7.42 4.158 11.364 5.798 8.242 3.429 17.643 1.586 23.952-4.692l21.734-21.632c6.165-6.136 8.095-15.33 4.917-23.423-2.921-7.435-8.276-18.165-17.204-27.05-8.896-8.855-19.511-14.057-26.85-16.862a21.99 21.99 0 0 0-23.323 4.944l-21.475 21.375c-6.366 6.336-8.2 16.085-4.566 24.259 1.127 2.535 2.353 5.015 3.663 7.411l-47.133 47.133a5.47 5.47 0 0 0-1.602 3.868v24.062a5.47 5.47 0 0 0 5.469 5.469h24.062a5.47 5.47 0 0 0 5.469-5.469z" fill="url(#B)"/></g></svg>
Side by side

After

Width:  |  Height:  |  Size: 1.7 KiB

1
images/logo.svg Normal file
View file

File diff suppressed because one or more lines are too long
Side by side

After

Width:  |  Height:  |  Size: 16 KiB

BIN
images/screenshot.png Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 84 KiB

2323
src/Picocrypt.go Normal file
View file

File diff suppressed because it is too large Load diff

33
src/README.md Normal file
View file

@ -0,0 +1,33 @@
# Running From Source
If you would like to run Picocrypt from source, or an executable isn't available for your platform, you've come to the right place. Running from source is very simple, and I've made it even easier with these straightforward instructions. Unlike VeraCrypt, which requires complex build procedures, SDKs, and assemblers, Picocrypt can easily be compiled from source with only a Go and C compiler. All you need is ten minutes and an Internet connection.
# 1. Prerequisites
**Linux:**
```bash
apt install -y gcc xorg-dev libgtk-3-dev libgl1-mesa-dev libglu1-mesa
```
**macOS:**
```bash
xcode-select --install
brew install glfw glew
```
**Windows:** A C compiler, ideally TDM-GCC or MinGW-w64
# 2. Install Go
If you don't have Go installed, download it from <a href="https://go.dev/dl/">here</a> or install it from your package manager (`apt install golang-go`). The latest version of Go is recommended, although you may fall back to Go 1.19 should any issues arise in the future.
# 3. Get the Source Files
Download the source files as a zip from the homepage or `git clone` this repository. Next, navigate to the `src/` directory, where you will find the source file (`Picocrypt.go`). You will need this file, along with `go.mod` and `go.sum`, to compile Picocrypt.
# 4. Build From Source
Finally, build Picocrypt from source:
- Windows: <code>go build -ldflags="-s -w -H=windowsgui -extldflags=-static" Picocrypt.go</code>
- macOS: <code>go build -ldflags="-s -w" Picocrypt.go</code>
- Linux: <code>go build -ldflags="-s -w" Picocrypt.go</code>
Note: Make sure to set `CGO_ENABLED=1` if it isn't already.
# 5. Done!
You should now see a compiled executable (`Picocrypt.exe`/`Picocrypt`) in your directory. You can run it by double-clicking or executing it in your terminal. That wasn't too hard, right? Enjoy!
Note: On Linux, if hardware OpenGL isn't available, you can set `LIBGL_ALWAYS_SOFTWARE=1` to force Mesa to use software rendering. This way, Picocrypt will be able to run regardless of driver support and can even run without a GPU at all. You may also need to set `NO_AT_BRIDGE=1` to disable the accessibility bus which is known to cause potential issues.

21
src/go.mod Normal file
View file

@ -0,0 +1,21 @@
module Picocrypt
go 1.17
require (
github.com/HACKERALERT/dialog v0.0.0-20220508022504-af3bc34fe379
github.com/HACKERALERT/giu v0.5.7-0.20221117223150-211c1da061d9
github.com/HACKERALERT/imgui-go v1.12.1-0.20221117223032-1d1c00423178
github.com/HACKERALERT/infectious v0.0.0-20240424200929-b9ce72346a19
github.com/HACKERALERT/serpent v0.0.0-20210716182301-293b29869c66
github.com/HACKERALERT/zxcvbn-go v0.0.0-20220508022013-fa924b767f89
golang.org/x/crypto v0.22.0
)
require (
github.com/HACKERALERT/gl v0.0.0-20220507232930-73af36e130d3 // indirect
github.com/HACKERALERT/glfw/v3.3/glfw v0.0.0-20221117222155-c08d79e41abe // indirect
github.com/HACKERALERT/mainthread v0.0.0-20211027212305-2ec9e701cc14 // indirect
github.com/HACKERALERT/w32 v0.0.0-20220507231852-76f2a4b526bd // indirect
golang.org/x/sys v0.19.1-0.20240416221847-9a28524796a5 // indirect
)

65
src/go.sum Normal file
View file

@ -0,0 +1,65 @@
github.com/HACKERALERT/dialog v0.0.0-20220508022504-af3bc34fe379 h1:GR92LbksZ8zdbzQHf2dTI7e7P8Mjbdi5mSmQv2SK2Uw=
github.com/HACKERALERT/dialog v0.0.0-20220508022504-af3bc34fe379/go.mod h1:V0Gv8EvnwHTFk9TOZiHlYlXcUnVHoXJazNW0pVKZnkY=
github.com/HACKERALERT/giu v0.5.7-0.20221117223150-211c1da061d9 h1:dSCqc/xGO0OIrX8hzJHdh2fsvR2WW/5nMC0z3zW2HAw=
github.com/HACKERALERT/giu v0.5.7-0.20221117223150-211c1da061d9/go.mod h1:j0pjVMd/c5OLwvXE9IBDcmAVsdC4RGimZUmaxPyaxJM=
github.com/HACKERALERT/gl v0.0.0-20220507232930-73af36e130d3 h1:JMAOkmVuuJKjFAVeK+P7i3F/bVSCTU1UUmaxaYTYs9Q=
github.com/HACKERALERT/gl v0.0.0-20220507232930-73af36e130d3/go.mod h1:ZUosVzfEKNGLMLk6aj9yo0FSAhWWsbTMjuzeIUXniB0=
github.com/HACKERALERT/glfw/v3.3/glfw v0.0.0-20221117222155-c08d79e41abe h1:0qOalSxn46hXG9xwfZkaTuUs5smQQ3X5v7p89HHzkEg=
github.com/HACKERALERT/glfw/v3.3/glfw v0.0.0-20221117222155-c08d79e41abe/go.mod h1:aP+FSN9tk1W3UsQisFWxRLQ4WOF7T3niq68UYw0B150=
github.com/HACKERALERT/imgui-go v1.12.1-0.20221117223032-1d1c00423178 h1:P5T5Dr2tNJELM5sj6ngU65E1E1hFBvlNyJ0yp+Kdp34=
github.com/HACKERALERT/imgui-go v1.12.1-0.20221117223032-1d1c00423178/go.mod h1:rWUHB5suv9NAmQJa/Px9ds1D0wT/QD70CPYUqc6rqsM=
github.com/HACKERALERT/infectious v0.0.0-20240424200929-b9ce72346a19 h1:C5t561XXXRJvdiluejbka36n+YaOB4XJuQIo+25hL1k=
github.com/HACKERALERT/infectious v0.0.0-20240424200929-b9ce72346a19/go.mod h1:bTnpEk9zNS1sVKg5TRvLkuSEGVqH0+LRfcMurPtcJvY=
github.com/HACKERALERT/mainthread v0.0.0-20211027212305-2ec9e701cc14 h1:DwWXverhu/dEsPM/GPykuHGh4SxW69DaGZL5t3fANG4=
github.com/HACKERALERT/mainthread v0.0.0-20211027212305-2ec9e701cc14/go.mod h1:jW534e7roGur9mmzAfPxZLQzKXZ+GE5+XeS7PSyqPbo=
github.com/HACKERALERT/serpent v0.0.0-20210716182301-293b29869c66 h1:YDpFq+y6mRcu97rn/rhYg8u8FdeO0wzTuLgM2gVkA+c=
github.com/HACKERALERT/serpent v0.0.0-20210716182301-293b29869c66/go.mod h1:d/+9q3sIxtIyOgHNgFGr3yGBKKVn5h3vL4hV1qlmoLs=
github.com/HACKERALERT/w32 v0.0.0-20220507231852-76f2a4b526bd h1:d3JLIGBs+ZLdnkjg1ksomAywpHEFhldCaVbNzz7R6uY=
github.com/HACKERALERT/w32 v0.0.0-20220507231852-76f2a4b526bd/go.mod h1:S+3Ad2AEm5MhhuHJeAaXUmyAXON0qFDxcP/Chw8q7+Y=
github.com/HACKERALERT/zxcvbn-go v0.0.0-20220508022013-fa924b767f89 h1:mbKV9C7z0N7bGeKKxfKCRvN8snWvGVj+NOm38F3y5Uk=
github.com/HACKERALERT/zxcvbn-go v0.0.0-20220508022013-fa924b767f89/go.mod h1:nykydiYjCDMkF/2vQXSPM38vR5N9W1DITHvupnN+eOk=
github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU=
golang.org/x/crypto v0.22.0 h1:g1v0xeRhjcugydODzvb3mEM9SQ0HGp9s/nh3COQ/C30=
golang.org/x/crypto v0.22.0/go.mod h1:vr6Su+7cTlO45qkww3VDJlzDn0ctJvRgYbC2NvXHt+M=
golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg=
golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44=
golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
golang.org/x/sys v0.19.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
golang.org/x/sys v0.19.1-0.20240416221847-9a28524796a5 h1:0exPaeAtAlmNHCcRJc+hETS3/TcMV+yjoHhlp4+Ff3E=
golang.org/x/sys v0.19.1-0.20240416221847-9a28524796a5/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo=
golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk=
golang.org/x/term v0.19.0/go.mod h1:2CuTdWZ7KHSQwUzKva0cbMg6q2DMI3Mmxp+gKJbskEk=
golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU=
golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=