Picocrypt new repo

✨ We’ve Moved! ✨

In an effort to make Picocrypt more open to future developments and maintenance from the community, this repository will be moving to github.com/Picocrypt. While future developments will likely take place there, this repository will still exist as a trusted and reliable “backup” for people who need the highest level of security and stability. For people who are more open to experimental (and potentially less stable) software, I encourage you to move over to the new Picocrypt organization’s repositories. For more details, see here. Thank you all for your support along the way!

Picocrypt/README.md at main · HACKERALERT/Picocrypt · GitHub

3 Likes

The account name HACKERALERT in all-caps does not really inspire confidence

2 Likes

Something rubs me the wrong way about them describing their app as “very secure”, especially when it hasn’t been audited yet.

2 Likes

Even if it’s a recommended tool on Privacy Guides, I still can’t seem to swallow it. It would have helped if:

  1. They used signed binaries, i.e. exe+dll files with digital certificates, which may help with reducing the VirusTotal flags.
  2. It’s not flagged down by the AIs on VirusTotal
  3. More community votes (more eyeballs) on VirusTotal; the single one there now is also negative.
  4. It’s a more aged project.

I’d rather be using something like 7-zip manager for encryption for now, even if Picocrypt is supposed to be more secure. Maybe in a few years, or maybe if someone actually gives the guy the money to have the code audited.

Edited: based on @hakavlad’s comment.

1 Like

https://github.com/HACKERALERT/Picocrypt/releases/download/1.33/Signatures.zip

1 Like

Thanks. I meant digital signatures, i.e. exe+dll files with digital certificates, which may help with reducing the VirusTotal flags.

1 Like

I’m not sure why anyone would use this type of crap because of the massive amount of false positives, and considering that these things don’t work, read this to know why:

1 Like

“A signing certificate, however, costs upward of $300 a year to buy and renew, which is out of budget for Picocrypt and many other projects.”

5 Likes

Although I understand your point that there can be many false positives, for some set of users, being conservative in such matters may be safer for them, given that there are other alternatives.

The link that you gave suggests that using antivirus solutions isn’t all that desirable, and suggests Windows Sandbox. Do you think running Picocrypt in a Windows Sandbox, resulting in an encrypted file from such a process and extracting the file from the sandbox, is something that inspires confidence in the encryption, or is practical in usage?

In the 3CX supply chain attack, it’s one of these AI/heuristic models (I believe it was CrowdStrike Falcon) that picked up the suspicious behavior first, with humans deciding to override it because of the “false positives”. Caution sometimes wins, especially with the safety tools that are available today.

Let’s just agree that your safety criteria may be good for you, but having a subjective component to them, they may not be good for some set of people.

PS: I don’t think your “thumbs down” and “this is crap” responses are really conducive to civil discussion, as they raise the emotional responses unnecessarily. Not agreeing with the forum in good faith shouldn’t provoke such responses, or should it? You don’t know me, and I have no history of trolling this forum. You can more or less keep your expert but belittling opinion to yourself.

It’s okay to not like the post, and it’s okay to express that, which is why the thumbs down reaction exists in the first place. Meanwhile, accusing someone of belittling others is not okay.

1 Like

I thought the thumbs down was a dispassionate/neutral way to express disagreement?

2 Likes

That’s what I thought, too.