Can I use 7zip instead of Picocrypt to encrypt one folder?

Is there any reason why 7zip isn’t listed in recommendation? It is free and open-source. Any disadvantages when compared to Picocrypt? 7zip should have very strong encryption?

I already have 7zip installed, I wouldn’t install Picocrypt if 7zip can replace it (encryption and password protection).

I wouldn’t. From what I’ve heard, 7-zip’s encryption is significantly worse than Picocrypt and the developer of 7zip does not have much experience in cryptography.

2 Likes

comparison between it and 7zip

2 Likes

It does not meet the minimum qualifications, particularly this baseline criterion:

  • File encryption apps must support decryption on Linux, macOS, and Windows.

7-Zip proper supports only Windows according to its website.

The 7zip dev really messed up encryption in the past (improper use of random seed). Just because some app has superduper™ encryption options that doesn’t mean they have been implemented correctly.

For secure encryption always choose apps that have been written and reviewed by professionals.

4 Likes

From the standpoint of feeling secure, in my opinion, you are between a rock and a hard place. 7-zip for having known vulnerabilities in the past, for not being audited, and for not using “standard” cryptography libraries. Picocrypt for having a short history, for not being audited, and for not using “standard” cryptography libraries.

From the project description, Picocrypt sounds great, though: security orientation, and fund-raising to get an audit. For longer history and having more eyes looking at things, 7-zip may be better.

Whatever tool you use, use a password manager to generate a password, and have the password entropy be equal to or more than the encryption key length. This way, with whatever vulnerabilities they have, your password length may compensate for some of the shortfalls.
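An added example, not part of the original thread: a sketch of the sizing rule in the post above, computing how many uniformly random symbols a generated password needs so that its entropy reaches the key length. The 256-bit default, the 62-symbol alphabet and the function names are assumptions chosen for illustration.

```python
import math
import secrets
import string

# Assumed alphabet: 62 symbols (letters and digits), easy to type anywhere.
ALPHABET = string.ascii_letters + string.digits


def entropy_bits(length: int, alphabet_size: int) -> float:
    """Entropy of `length` symbols drawn uniformly at random."""
    return length * math.log2(alphabet_size)


def min_length(key_bits: int, alphabet_size: int) -> int:
    """Smallest symbol count whose entropy is at least key_bits."""
    if alphabet_size < 2:
        raise ValueError("alphabet needs at least two symbols")
    return math.ceil(key_bits / math.log2(alphabet_size))


def generate_password(key_bits: int = 256, alphabet: str = ALPHABET) -> str:
    """Generate a password whose entropy matches or exceeds key_bits."""
    if len(set(alphabet)) != len(alphabet):
        raise ValueError("duplicate symbols would skew the distribution")
    n = min_length(key_bits, len(alphabet))
    # secrets uses the OS CSPRNG; random.choice would not be suitable here.
    return "".join(secrets.choice(alphabet) for _ in range(n))


if __name__ == "__main__":
    for bits in (128, 256):
        chars = min_length(bits, len(ALPHABET))
        words = min_length(bits, 7776)  # 7776-word diceware-style list
        print(f"{bits}-bit key: {chars} characters or {words} words")
    print(generate_password())
```

The figures only hold for passwords drawn uniformly at random, as a password manager does; a human-chosen password of the same length carries far less entropy.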

It is not as secure as PicoCrypt. Also it is +/- same as .zip encryption. So I wouldn’t recommend it if it is something really sensitive.

@no-username @redoomed1 @Polymer7229 @Valynor @exaCORE @jerm

Why is Picocrypt flagged as a virus on VirusTotal by many vendors?

1 Like

That’s a good point. Here’s the Virus Total link: VirusTotal

On one hand, the ones flagging the file look like AI/behavioral based detection, which is more prone to false positives (with the Falcon Crowdstrike correctly flagging the 3CX supply-chain-attack first). OTOH, this latest version does contact a funny URL (internal network) that people didn’t like. The previous version didn’t have this URL, but got flagged the same way anyway.

I personally would not use it since it makes me edgy. See a discussion about 7-zip’s being fine about a year ago: encryption - Are files encrypted with 7ZIP vulnerable to password crackers? - Information Security Stack Exchange. And voted topics about 7-zip in general: Highest scored '7zip' questions - Information Security Stack Exchange.

Edited: add 2nd link.

Maybe false positive

I looked at some videos of how Picocrypt works and I don’t like the fact that every time I need to edit encrypted files I need to decrypt them, extract them, edit them and encrypt them again. Is there a program which functions like a vault? I click on folder, enter password, edit files and close vault.

Cryptomator and Veracrypt do exactly that.

For non privacy, I’d say 7zip general compression is ok?

The compression isn’t the issue, it’s the encryption.

1 Like

Two-year-old news, that’s no longer the case.