It’s in C, no wonder I wasn’t looking for it. If you’re happy to deal with cgo, that’s cool. Does it support drag and drop files?
Depends on the tool.
Browsers, messengers, and pretty much anything else that connects to the internet requires active development.
Encryption tools like Picocrypt, most video games, offline media players, and text editors usually don’t. I think @HACKERALERT used to have that in his Picocrypt FAQ.
Should Picocrypt-NG be recommended or should we wait a while to see if this project will survive in the long run?
Why? They can have vulnerabilities that cause weaknesses in their encryption.
Not if the media is untrusted. Media player exploits have been used in the wild before (Privacy-Focused OS Wants to Know How Facebook and the FBI Hacked it).
Might be the same for text editors and untrusted text files, but not sure.
Yes, drag-and-drop works (see my last pic, top left). I’ll add smaller details like file size after drag-and-dropping, theming, and different colors depending on input/state once I get the main encryption and decryption working.
By the way, is maliciously crafted file or text input to exploit the GUI something that Picocrypt should prevent, or is it out of scope?
I’d also be interested in helping, but more so on the cryptographic core maintenance. Been studying cryptography and have wanted a good project to study and see how the implementation is, so this would be a good opportunity. But my spare time is quite little sadly.
That’s awesome! Great work.
It should be prevented if possible. Picocrypt assumes the user’s host machine is trusted but not any volumes dropped onto it. So you should not be able to drop a volume and execute arbitrary code, etc.
Feel free to study it, but there’s nothing to change or maintain… it’s secure as is and changing it would invalidate the audit.
In that case, I’ll probably stay as an external contributor as I’m not as interested in GUI maintenance. But looks like there are a lot of people willing to help which is great!
I’ve been receiving some… unideal… comments in other places and emails and it’s really starting to take a toll on me. It seems like I’m the one that needs to touch some grass. So I’m signing off. I’ve set up a successor which I think is the big important takeaway in this thread. Thank you all of PG for being engaging, friendly, and supportive. PG is one of the best online communities I’ve had the pleasure of seeing. Farewell!
Edit: was trying to reply to any1 but both any1 and overdrawn have similar icons and as mentioned, I need to touch grass so misclicked. Disregard this message.
Can you give me your GitHub username when you make one? I’ll bring you in as a member if that’s good with you.
NG is not yet stable.
Discussion has moved to the Picocrypt-NG issues in case anyone wants to stay informed.
called it
Disappointed Picocrypt was removed so soon!
Despite the developer urging that the software doesn’t automatically become insecure or broken if he leaves active development.
Picocrypt is a very useful software for securely encrypting files. It was particularly helpful for me to create encrypted backups of my drives, as it was highly performant and secure too, compared to what other solutions had to offer like VeraCrypt or Cryptomator.
I don’t really feel there is a replacement for Picocrypt currently, so it should still be kept on Privacy Guides’ recommendation.
Well, we are not saying people should hurry and uninstall it. But we are removing it since we should not be recommending people to go and download software that’s not maintained or updated.
If a security issue happens tomorrow, it might take ages for people who downloaded it to take notice.
Well, for that matter even OpenKeychain should be removed, as it’s practically not being maintained and is just given version bumps every 8-10 months with some cosmetic changes.
The original developer had even announced that he is no longer continuing to maintain it. With uncertainty from the new guy whether they will even look after any new maintenance or fixing required.
At least the Picocrypt dev was very upfront about his stance and made it a public archive.
I understand that you don’t want new people downloading software which doesn’t have a guaranteed future, but still, as the dev has shown confidence in the software being safe in the relative future, it could be kept a little longer. Maybe give a deadline of 5-6 months for delisting if no suitable devs are willing to continue to maintain it.
We could certainly discuss altering the requirement, but that would be another discussion. Right now as it stands we require software to be maintained to be listed. If anyone finds that a piece of software is not maintained, they can help us by opening another forum post where they point it out, so we can take a look at it.
If you look at the argument for keeping OpenKeychain alive by a team member, it was “lack of current alternatives” despite not currently being maintained.
I am making this same argument for Picocrypt’s case.
Although “officially” OpenKeychain say they are gonna do security fixes, there haven’t been actual actions which show fixing security issues, and they are probably using an EOL version of the OpenPGP protocol.
I am surely gonna make a new proposal for delisting OpenKeychain. But just to make sure both projects get equal treatment here.
Does the dev of Picocrypt consider Picocrypt a vulnerable software? - No