Picocrypt is Moving, AMA

Maybe you can make the webapp something you can host on a local computer on your network, then you can use some simple html and css to make a mobile UI you can connect to from your phone :stuck_out_tongue:

Got an update from radicallyopensecurity. Without revealing too many details as I'm not sure if I can do so, ROS told me that they can get a basic audit done for $3k USD. That's actually really not far, we're already at $2.2k USD. It will be a limited time audit, but given that the number of lines of code that actually deal with cryptography is around 1k only, I think this could be a great compromise. Nay, not even a compromise imo. Let me know what you all think! Users will ultimately make the decision as they are the ones who donated the money.

8 Likes

Hi hacker :nerd_face: alert :rotating_light:
I’m not a user of your software but read the entire readme (tons of information/wow).

Any file can be used as a keyfile, and a secure keyfile generator is provided for convenience

If you use a normal file, can it be insecure?
Most people will use a document, picture, etc. I guess the distribution of data might not be random in those and it would make them less secure. Like a password of low length and complexity.

Not only can you use multiple keyfiles, but you can also require the correct order of keyfiles to be present for a successful decryption to occur.

My guess here is that if you only have 2, 3, or 4 keyfiles, the order is not a very relevant security measure, as you would only need 2 tries, 6 tries and 24 tries to bruteforce it by trying all combinations.

Yes, using a normal file like a txt file in which the contents are relatively predictable is a bad idea. A picture will generally be okay, there’s enough noise to generate some randomness. But ideally use the keyfile generator built in for the best security.

Yes, the order can be bruteforced easily. The intent of the feature is not that, it is something like: if four people (three devs + a CEO) each hold a keyfile to a mutually locked volume, checking the require order and having the CEO drop their keyfile in last ensures that they must also be the last to drop their keyfile during decryption. Without this feature, the three devs can ask the CEO to drop their keyfile in and run away, but with it on, the CEO is the one who will click the decrypt button. Niche, I know, and tbh, I don’t think it is even that effective, but it was a relatively easy addition so I made it.

Alright, gonna head out of this thread now. Feel free to create issues/discussions in the repo for further discussion or suggestions. Thanks for the many suggestions!

4 Likes
6 Likes
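An added example, not part of the original posts and not Picocrypt's own code: it compares an order-sensitive and an order-insensitive way of combining keyfiles and measures how little secrecy the order itself contributes next to one randomly generated keyfile. The function names, the SHA3-256 combining scheme and the sample keyfiles are assumptions made for illustration.

```python
import hashlib
import itertools
import math

# Illustrative combining schemes (assumed for this example, not taken from Picocrypt).

def combine_ordered(keyfiles):
    """Order-sensitive: feed every keyfile into one hash, in the given sequence."""
    h = hashlib.sha3_256()
    for data in keyfiles:
        h.update(len(data).to_bytes(8, "big"))  # length prefix keeps boundaries unambiguous
        h.update(data)
    return h.digest()

def combine_unordered(keyfiles):
    """Order-insensitive: XOR the per-file digests, so any sequence gives the same key."""
    acc = bytes(32)
    for data in keyfiles:
        digest = hashlib.sha3_256(data).digest()
        acc = bytes(a ^ b for a, b in zip(acc, digest))
    return acc

def distinct_ordered_keys(keyfiles):
    """Number of different keys obtainable by reordering the same set of keyfiles."""
    return len({combine_ordered(p) for p in itertools.permutations(keyfiles)})

def order_bits(n):
    """Bits of secrecy contributed by the order of n keyfiles: log2(n!)."""
    return math.log2(math.factorial(n))

# Constructed sample keyfiles (stand-ins for four holders' files).
SAMPLE = [bytes([i]) * 32 for i in range(1, 5)]

if __name__ == "__main__":
    for n in (2, 3, 4):
        print(n, "keyfiles:", distinct_ordered_keys(SAMPLE[:n]), "orderings,",
              round(order_bits(n), 2), "bits from order")
    print("one randomly generated 32-byte keyfile: 256 bits")
```

The order of four keyfiles adds under 5 bits, which is why the strength has to come from the keyfile contents rather than from their sequence.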

That's really exciting news Evan, congratulations! We will watch your app with great interest 👀

2 Likes