Merge branch 'HACKERALERT:main' into patch-1

Etim-Orb 2021-12-28 19:33:14 +01:00 committed by GitHub
commit 42f4461ee4
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
15 changed files with 148 additions and 2339 deletions

.github/workflows/codeql-analysis.yml vendored Normal file

@ -0,0 +1,32 @@
name: "CodeQL"
on:
push:
paths:
- "src/Picocrypt.go"
- "src/go.mod"
- "src/go.sum"
pull_request:
branches: [ main ]
jobs:
analyze:
name: Analyze
runs-on: ubuntu-latest
permissions:
actions: read
contents: read
security-events: write
strategy:
fail-fast: false
matrix:
language: ['go']
steps:
- name: Checkout Repository
uses: actions/checkout@v2
- name: Initialize CodeQL
uses: github/codeql-action/init@v1
with:
languages: ${{ matrix.language }}
- name: Autobuild
uses: github/codeql-action/autobuild@v1
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v1
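
Review bot: The four `uses:` steps reference mutable tags (`actions/checkout@v2`, `github/codeql-action/init@v1`, `autobuild@v1`, `analyze@v1`), so the job runs whatever those tags point at on the day, with `security-events: write` granted. Pin each action to a full commit SHA and note the tag in a trailing comment, in line with how the project pins its Go dependencies to reviewed forks. Separately, the `push` trigger is limited by `paths` but `pull_request` is not, so a pull request that touches only documentation still runs the analysis; add the same `paths` list there if that is not intended.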


@ -1,17 +1,23 @@
# Features Under Consideration
<ul>
<li>Get Picocrypt audited (<i>please donate</i> to help fund the audit)</li>
<li>Hidden volume like VeraCrypt (thanks u/greenreddits)</li>
<li>CLI (thanks u/your_username)</li>
</ul>
# v1.22 (A future release)
# v1.23 (A future release)
<ul>
<li>Associate .pcv file extension with Picocrypt</li>
<li>Improve Reed-Solomon performance</li>
<li>Remove EXIF data from keyfiles</li>
<li>Customizable Argon2 parameters</li>
<li>Finish adding tooltips</li>
<li>Improve Internals documentation (header format, etc.)</li>
</ul>
# v1.22 (Released 12/22/2021)
<ul>
<li><strike>Fix keyfile order bug</strike> (redundant, so there actually was no bug)</li>
<li>✓ Remove fast mode, as a change for the normal mode will make fast mode obselete</li>
<li>✓ For normal mode, change HMAC-SHA3 to a keyed Blake2b</li>
</ul>
# v1.21 (Released 11/19/2021)
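
Review bot: Typo in the v1.22 entry for fast mode, "obselete" should be "obsolete". The same entry would also be easier to follow if it named the change it refers to (normal mode moving to keyed BLAKE2b, listed on the next line) rather than "a change for the normal mode".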


@ -4,10 +4,9 @@ If you're wondering about how Picocrypt handles cryptography, you've come to the
# Core Cryptography
Picocrypt uses the following cryptographic primitives:
- XChaCha20 (cascaded with Serpent in CTR mode for paranoid mode)
- HMAC-SHA3 for normal and paranoid mode, keyed-BLAKE2b for fast mode (256-bit key, 512-bit digest)
- HKDF-SHA3-256 for deriving a subkey used with the MAC above, as well as a key for Serpent
- Keyed-BLAKE2b for normal mode, HMAC-SHA3 for paranoid mode (256-bit key, 512-bit digest)
- HKDF-SHA3 for deriving a subkey used with the MAC above, as well as a key for Serpent
- Argon2id:
- Fast mode: 4 passes, 128 MiB memory, 4 threads
- Normal mode: 4 passes, 1 GiB memory, 4 threads
- Paranoid mode: 8 passes, 1 GiB memory, 8 threads
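
Review bot: The KDF line loses precision, going from "HKDF-SHA3-256" to "HKDF-SHA3", while the code in this same commit still calls `hkdf.New(sha3.New256, key, hkdfSalt, nil)`. Keep the "-256" suffix so the document states the exact variant. The MAC line has the same gap: "HMAC-SHA3 for paranoid mode" should say SHA3-512, since the code uses `hmac.New(sha3.New512, subkey)` and the line already quotes a 512-bit digest.
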
@ -19,3 +18,6 @@ Picocrypt allows the use of keyfiles as an additional (or only) form of authenti
If "Require correct order" is not checked, Picocrypt will take the SHA3 hash of each file individually, and XORs the hashes together. Finally, the result is XORed to the master key. Because the XOR operation is both commutative and associative, the order in which the keyfiles hashes are XORed to each other doesn't matter -- the end result is the same.
If "Require correct order" is checked, Picocrypt will combine (concatenate) the files together in the order they were dropped into the window, and take the SHA3 hash of the combined keyfiles. If the order is not correct, the keyfiles, when appended to each other, will result in a different file, and therefore a different hash. Thus, the correct order of keyfiles is required to successfully decrypt the volume.
# Header Format
Work in progress...
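
Review bot: The new "Header Format" section is a placeholder, yet this commit changes the header layout (flags shrink from 6 to 5 bytes, the encoded flags from 18 to 15 bytes, and the header offsets from 789 and 312 to 786 and 309). Document at least the flag byte order used from v1.22 on (paranoid, keyfiles, keyfile order, Reed-Solomon, padding) here, so the format change is recorded somewhere other than the diff.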


@ -1,7 +1,7 @@
<p>English | <a href="/translations/french.md">Français</a> | <a href="/translations/spanish.md">Español</a> | <a href="/translations/german.md">Deutsch</a> | <a href="/translations/portuguese.md">Português</a> | <a href="/translations/turkish.md">Türkçe</a> | <a href="/translations/chinese.md">中文</a> | <a href="/translations/russian.md">русский</a> | <a href="/translations/hungarian.md">Magyar</a></p>
<p align="center"><img align="center" src="/images/logo.svg" width="512" alt="Picocrypt"></p>
Picocrypt is a very small (hence <i>Pico</i>), very simple, yet very secure encryption tool that you can use to protect your files, generate checksums, and much more. It's designed to be the <i>go-to</i> tool for encryption, with a focus on security, simplicity, and reliability. Picocrypt uses the secure XChaCha20 cipher and the SHA3 hash function to provide a high level of security, even from three-letter agencies like the NSA. It's designed for maximal security, making absolutely no compromises security-wise, and is built with Go's standard x/crypto modules. <strong>Your privacy and security is under attack. Take it back with confidence by protecting your files with Picocrypt.</strong>
Picocrypt is a very small (hence <i>Pico</i>), very simple, yet very secure encryption tool that you can use to protect your files, generate checksums, and much more. It's designed to be the <i>go-to</i> tool for encryption, with a focus on security, simplicity, and reliability. Picocrypt uses the secure XChaCha20 cipher and the Argon2 key derivation function to provide a high level of security, even from three-letter agencies like the NSA. It's designed for maximal security, making absolutely no compromises security-wise, and is built with Go's standard x/crypto modules. <strong>Your privacy and security is under attack. Take it back with confidence by protecting your files with Picocrypt.</strong>
<p align="center"><img align="center" src="/images/screenshot.png" width="384" alt="Picocrypt"></p>
@ -12,10 +12,10 @@ Please donate to Picocrypt on <a href="https://opencollective.com/picocrypt">Ope
<strong>Important:</strong> There's an outdated and useless piece of abandonware called PicoCrypt on the Internet, which was last updated in 2005. PicoCrypt is not related in any way to Picocrypt (this project). Make sure you only download Picocrypt from this repository to ensure that you get the authentic and backdoor-free Picocrypt.
## Windows
Picocrypt for Windows is as simple as it gets. To download the latest, standalone, and portable executable for Windows, click <a href="https://github.com/HACKERALERT/Picocrypt/releases/download/1.21/Picocrypt.exe">here</a>. If Windows Defender or your antivirus flags Picocrypt as a virus, please do your part and submit it as a false positive for the betterment of everyone.
Picocrypt for Windows is as simple as it gets. To download the latest, standalone, and portable executable for Windows, click <a href="https://github.com/HACKERALERT/Picocrypt/releases/download/1.22/Picocrypt.exe">here</a>. If Windows Defender or your antivirus flags Picocrypt as a virus, please do your part and submit it as a false positive for the betterment of everyone.
## macOS
Picocrypt for macOS is very simple as well. Download Picocrypt <a href="https://github.com/HACKERALERT/Picocrypt/releases/download/1.21/Picocrypt.app.zip">here</a>, extract the zip file, and run Picocrypt which is inside. If you can't open Picocrypt because it's not from a verified developer, right click on Picocrypt and hit "Open". If you still get the warning, right click on Picocrypt and hit "Open" again and you should be able to start Picocrypt.
Picocrypt for macOS is very simple as well. Download Picocrypt <a href="https://github.com/HACKERALERT/Picocrypt/releases/download/1.22/Picocrypt.app.zip">here</a>, extract the zip file, and run Picocrypt which is inside. If you can't open Picocrypt because it's not from a verified developer, right click on Picocrypt and hit "Open". If you still get the warning, right click on Picocrypt and hit "Open" again and you should be able to start Picocrypt.
## Linux
A Snap is available for Linux. Assuming you're on a Debian-based system, a simple `apt install snapd` and `snap install picocrypt` will be enough. For other distros such as Fedora, detailed instructions are available at https://snapcraft.io/picocrypt. Due to the complexity of dependencies and static linking, I don't distribute standalone .deb or .rpm binaries because they would be unreliable and not worth the hassle. Snapcraft manages all dependencies and runtimes automatically and is the recommended way to run Picocrypt on any major Linux distribution. Additionally, Snapcraft provides better security and containerization than Flatpaks and AppImages, which is important for an encryption tool like Picocrypt. If you would prefer not to deal with Canonical, remember that building from source is always an option.
@ -27,7 +27,7 @@ Why should you use Picocrypt instead of BitLocker, NordLocker, VeraCrypt, AxCryp
<li>Picocrypt is <i>tiny</i>. While NordLocker is over 100MB and VeraCrypt is over 30MB, Picocrypt sits at just 3MB, about the size of a high-resolution photo. And that's not all - Picocrypt is portable (doesn't need to be installed) and doesn't require administrator/root privileges.</li>
<li>Picocrypt is easier and more productive to use than VeraCrypt. To encrypt files with VeraCrypt, you'd have to spend at least five minutes setting up a volume. With Picocrypt's simple UI, all you have to do is drag and drop your files, enter a password, and hit Start. All the complex procedures are handled by Picocrypt internally. Who said secure encryption can't be simple?</li>
<li>Picocrypt is designed for security. 7-Zip is an archive utility and not an encryption tool, so its focus is not on security. Picocrypt, however, is built with security as the number one priority. Every part of Picocrypt exists for a reason and anything that could impact the security of Picocrypt is removed. Picocrypt is built with cryptography you can trust.</li>
<li>Picocrypt authenticates data in addition to protecting it, preventing hackers from maliciously modifying sensitive data. This is useful when you are sending encrypted files over an insecure channel and want to be sure that it arrives untouched. Picocrypt uses HMAC-SHA3 for authenticity, which is a highly secure hash function in a well-known construction.</li>
<li>Picocrypt authenticates data in addition to protecting it, preventing hackers from maliciously modifying sensitive data. This is useful when you are sending encrypted files over an insecure channel and want to be sure that it arrives untouched.</li>
<li>Picocrypt actively protects encrypted header data from corruption by adding extra Reed-Solomon parity bytes, so if part of a volume's header (which contains important cryptographic components) corrupts (e.g., hard drive bit rot), Picocrypt can still recover the header and decrypt your data with a high success rate. Picocrypt can also encode the entire volume with Reed-Solomon to prevent any corruption to your important files.</li>
</ul>
@ -41,8 +41,7 @@ While being simple, Picocrypt also strives to be powerful in the hands of knowle
<li><strong>Password generator</strong>: Picocrypt provides a secure password generator that you can use to create cryptographically secure passwords. You can customize the password length, as well as the types of characters to include.</li>
<li><strong>File metadata</strong>: Use this to store notes, information, and text along with the file (it won't be encrypted). For example, you can put a description of the file you're encrypting before sending it to someone. When the person you sent it to drops the file into Picocrypt, your description will be shown to that person.</li>
<li><strong>Keyfiles</strong>: Picocrypt supports the use of keyfiles as an additional form of authentication. Not only can you use multiple keyfiles, but you can also require the correct order of keyfiles to be present, for a successful decryption to occur. A particularly good use case of multiple keyfiles is creating a shared volume, where each person holds a keyfile, and all of them (and their keyfiles) must be present in order to decrypt the shared volume.</li>
<li><strong>Fast mode</strong>: Using this mode will greatly speed up encryption/decryption. In this mode, BLAKE2b will be used to authenticate data instead of SHA3, and Argon2 parameters will be lowered. Doing this provides higher speeds, but at a lower security margin. If all you need to do is encrypt some low-sensitivity files, this option can be a useful and performant choice.</li>
<li><strong>Paranoid mode</strong>: Using this mode will encrypt your data with both XChaCha20 and Serpent in a cascade fashion. This is recommended for protecting top-secret files and provides the highest level of practical security attainable. In order for a hacker to crack your encrypted data, both the XChaCha20 cipher and the Serpent cipher must be broken, assuming you've chosen a good password.</li>
<li><strong>Paranoid mode</strong>: Using this mode will encrypt your data with both XChaCha20 and Serpent in a cascade fashion, and use HMAC-SHA3 to authenticate data instead of BLAKE2b. This is recommended for protecting top-secret files and provides the highest level of practical security attainable. In order for a hacker to crack your encrypted data, both the XChaCha20 cipher and the Serpent cipher must be broken, assuming you've chosen a good password.</li>
<li><strong>Prevent corruption using Reed-Solomon</strong>: This feature is very useful if you are planning to archive important data on a cloud provider or external medium for a long time. If checked, Picocrypt will use the Reed-Solomon error correction code to add 8 extra bytes for every 128 bytes to prevent file corruption. This means that up to ~3% of your file can corrupt and Picocrypt will still be able to correct the errors and decrypt your files with no corruption. Of course, if your file corrupts very badly (e.g., you dropped your hard drive), Picocrypt won't be able to fully recover your files, but it will try its best to recover what it can. Note that this option will slow down encryption and decryption considerably.</li>
<li><strong>Keep decrypted output even if it's corrupted or modified</strong>: Picocrypt automatically checks for integrity upon decryption. If the file has been modified or is corrupted, Picocrypt will automatically delete the output for the user's safety. If you want to keep the corrupted or modified data after decryption, check this option. Also, if this option is checked and the Reed-Solomon feature was used on the encrypted file, Picocrypt will attempt to recover as much of the file as possible during decryption.</li>
<li><strong>Split files into chunks</strong>: Don't feel like dealing with gargantuan files? No worries! With Picocrypt, you can choose to split your output file into custom-sized chunks, so large files can become more manageable and easier to upload to cloud providers. Simply choose a unit (KiB, MiB, or GiB) and enter your desired number for that unit. To decrypt the chunks, simply drag one of them into Picocrypt, and the chunks will be automatically recombined during decryption.</li>
@ -53,8 +52,6 @@ In addition to these comprehensive options for encryption and decryption, Picocr
# Security
For more information on how Picocrypt handles cryptography, see <a href="Internals.md">Internals</a> for the technical details. If you're worried about the safety of me or this project, let me assure you that this repository won't be hijacked or backdoored. I have 2FA (TOTP) enabled on all accounts with a tie to Picocrypt (GitHub, Google, Reddit, Ubuntu One/Snapcraft, Discord, etc.), in addition to full-disk encryption on all of my portable devices. For further hardening, Picocrypt uses my isolated forks of dependencies and I fetch upstream only when I have taken a look at the changes and believe that there aren't any security issues. This means that if a dependency gets hacked or deleted by the author, Picocrypt will be using my fork of it and remain completely unaffected. You can feel confident about using Picocrypt.
In the unlikely scenario that a security vulnerability is discovered, please draft a security advisory in the Security tab of this repository and I will fix it as soon as possible.
# Community
Here are some places where you can stay up to date with Picocrypt and get involved:
<ul>
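
Review bot: The Security section drops its only reporting instruction (the sentence about drafting a security advisory) and gains nothing in its place, so a reader of the README no longer learns how to report a vulnerability. Add one sentence pointing at the new SECURITY.md so the two documents agree.
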
@ -98,6 +95,7 @@ As well, a great thanks to these people, who have helped translate Picocrypt and
<li>@kurpau for Lithuanian</li>
<li>u/francirc for Spanish</li>
<li>yn for Russian</li>
<li>@Etim-Orb for Hungarian</li>
</ul>
Finally, thanks to these people for helping me out when needed:
@ -106,4 +104,5 @@ Finally, thanks to these people for helping me out when needed:
<li>u/greenreddits for constant feedback and support</li>
<li>u/Tall_Escape for helping me test Picocrypt</li>
<li>u/NSABackdoors for doing plenty of testing</li>
<li>@samuel-lucas6 for feedback, suggestions, and support</li>
</ul>

SECURITY.md Normal file

@ -0,0 +1,5 @@
# Security Policy
## Reporting a Vulnerability
If you notice a security vulnerability, please contact me privately <a href="https://evansu.cc/#contacts">here</a>. I don't have any bounties available, but I will put your name on the homepage as a thanks. Please do not create an Issue or post the vulnerability publicly, as it could be exploited by a hacker. Thank you.
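
Review bot: The policy gives a single reporting channel, a link to a personal contact page, and says nothing about how quickly a report will be acknowledged or which versions receive fixes. State a supported-versions line and an expected response time, and consider keeping the repository's private security advisory form (the route the README described before this commit) as a second channel in case the linked page is unavailable.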

Binary file not shown.


@ -1 +1 @@
v1.21
v1.22


@ -2,7 +2,7 @@ package main
/*
Picocrypt v1.21
Picocrypt v1.22
Copyright (c) Evan Su (https://evansu.cc)
Released under a GNU GPL v3 License
https://github.com/HACKERALERT/Picocrypt
@ -45,7 +45,7 @@ import (
"crypto/sha256"
"crypto/subtle"
"github.com/HACKERALERT/serpent"
"github.com/HACKERALERT/serpent" //v0.0.0-20210716182301-293b29869c66
"golang.org/x/crypto/argon2"
"golang.org/x/crypto/blake2b"
"golang.org/x/crypto/blake2s"
@ -54,16 +54,16 @@ import (
"golang.org/x/crypto/sha3"
// UI
"github.com/HACKERALERT/giu"
"github.com/HACKERALERT/giu" //v0.5.7-0.20211216020632-65de69857557
// Reed-Solomon
"github.com/HACKERALERT/infectious"
"github.com/HACKERALERT/infectious" //v0.0.0-20211215232025-9d20874ad4b1
// Helpers
"github.com/HACKERALERT/clipboard"
"github.com/HACKERALERT/dialog"
"github.com/HACKERALERT/jibber_jabber"
"github.com/HACKERALERT/zxcvbn-go"
"github.com/HACKERALERT/clipboard" //v0.1.5-0.20211215214929-7345ba96aeca
"github.com/HACKERALERT/dialog" //v0.0.0-20211215220206-17f428aa513e
"github.com/HACKERALERT/jibber_jabber" //v0.0.0-20211215234401-c23e432f628b
"github.com/HACKERALERT/zxcvbn-go" //v0.0.0-20210927200100-f131a4666ad5
)
//go:embed icon.png
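
Review bot: The version comments added to the import lines duplicate go.mod and have already drifted: the `jibber_jabber` import is annotated `v0.0.0-20211215234401-c23e432f628b`, while go.mod in this commit requires `v0.0.0-20211222174950-71570b6ee48b`. A reader auditing the pinned forks would check the wrong revision. Drop the comments and treat go.mod and go.sum as the single source for pinned versions, or generate the comments from go.mod.
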
@ -92,7 +92,7 @@ var languages = []string{
var languageSelected int32
// Generic variables
var version = "v1.21"
var version = "v1.22"
var window *giu.MasterWindow
var windowOptimized bool
var dpi float32
@ -139,7 +139,6 @@ var metadataPrompt = "Metadata:"
var metadataDisabled bool
// Advanced options
var fast bool
var paranoid bool
var reedsolo bool
var deleteWhenDone bool
@ -174,7 +173,6 @@ var showConfirmation bool
// Reed-Solomon encoders
var rs1, _ = infectious.NewFEC(1, 3) // 1 data shard, 3 total -> 2 parity shards
var rs5, _ = infectious.NewFEC(5, 15)
var rs6, _ = infectious.NewFEC(6, 18)
var rs16, _ = infectious.NewFEC(16, 48)
var rs24, _ = infectious.NewFEC(24, 72)
var rs32, _ = infectious.NewFEC(32, 96)
@ -182,6 +180,7 @@ var rs64, _ = infectious.NewFEC(64, 192)
var rs128, _ = infectious.NewFEC(128, 136)
// File checksum generator variables
var csProgress float32
var csMd5 string
var csSha1 string
var csSha256 string
@ -195,7 +194,6 @@ var sha256Color = color.RGBA{0x00, 0x00, 0x00, 0x00}
var sha3Color = color.RGBA{0x00, 0x00, 0x00, 0x00}
var blake2bColor = color.RGBA{0x00, 0x00, 0x00, 0x00}
var blake2sColor = color.RGBA{0x00, 0x00, 0x00, 0x00}
var csProgress float32 = 0
var md5Selected = true
var sha1Selected = true
var sha256Selected = true
@ -542,21 +540,19 @@ func draw() {
giu.Label(s("Advanced:")),
giu.Custom(func() {
if mode != "decrypt" {
giu.Row(
giu.Checkbox(s("Use fast mode"), &fast),
giu.Dummy(-221, 0),
giu.Checkbox(s("Encode with Reed-Solomon"), &reedsolo),
).Build()
giu.Row(
giu.Checkbox(s("Use paranoid mode"), &paranoid),
giu.Dummy(-221, 0),
giu.Checkbox(s("Delete files when complete"), &deleteWhenDone),
giu.Checkbox(s("Encode with Reed-Solomon"), &reedsolo),
).Build()
giu.Row(
giu.Style().SetDisabled(!(len(allFiles) > 1 || len(onlyFolders) > 0)).To(
giu.Checkbox(s("Compress files"), &compress),
),
giu.Dummy(-221, 0),
giu.Checkbox(s("Delete files when complete"), &deleteWhenDone),
).Build()
giu.Row(
giu.Checkbox(s("Split every"), &split),
giu.InputText(&splitSize).Size(55/dpi).Flags(giu.InputTextFlagsCharsHexadecimal).OnChange(func() {
split = splitSize != ""
@ -865,19 +861,18 @@ func draw() {
giu.Label(fmt.Sprintf(s("Picocrypt %s, created by Evan Su (https://evansu.cc/)."), version)),
giu.Label(s("Released under a GNU GPL v3 License.")),
giu.Label(s("A warm thank you to all the people listed below.")),
giu.Label(s("Patrons:")),
giu.Label(" - Frederick Doe"),
giu.Label(s("Donators:")),
giu.Label(s("Donors:")),
giu.Label(" - jp26"),
giu.Label(" - Tybbs"),
giu.Label(" - W.Graham"),
giu.Label(" - N. Chin"),
giu.Label(" - Manjot"),
giu.Label(" - Phil P."),
giu.Label(" - E. Zahard"),
giu.Label(s("Translators:")),
giu.Label("umitseyhan75, digitalblossom, zeeaall, francirc, kurpau"),
giu.Label(s("Other:")),
giu.Label("Fuderal, u/greenreddits, u/Tall_Escape, u/NSABackdoors"),
giu.Label("umitseyhan75, digitalblossom, zeeaall, kurpau, francirc, yn, Etim-Orb").Wrapped(true),
giu.Label(s("Others:")),
giu.Label("Fuderal, u/greenreddits, u/Tall_Escape, u/NSABackdoors, @samuel-lucas6").Wrapped(true),
),
).Build()
}),
@ -1025,6 +1020,14 @@ func onDrop(names []string) {
fin.Close()
return
}
if string(tmp) == "v1.17" || string(tmp) == "v1.18" || string(tmp) == "v1.19" ||
string(tmp) == "v1.20" || string(tmp) == "v1.21" {
resetUI()
mainStatus = "Please use Picocrypt v1.21 to decrypt this file."
mainStatusColor = color.RGBA{0xff, 0x00, 0x00, 0xff}
fin.Close()
return
}
tmp = make([]byte, 15)
fin.Read(tmp)
tmp, err = rsDecode(rs5, tmp)
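
Review bot: The new status string "Please use Picocrypt v1.21 to decrypt this file." is assigned without the `s(...)` translation wrapper that the keyfile and metadata prompts in this function use, so it will stay in English in every locale. The chain of `string(tmp) == "v1.17" || ...` comparisons also has to be edited by hand for each format break; a small slice or map of incompatible versions, checked in one place, would be less error-prone and would keep the version named in the message next to the list it applies to.
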
@ -1047,23 +1050,23 @@ func onDrop(names []string) {
metadata = s("Metadata is corrupted.")
}
flags := make([]byte, 18)
flags := make([]byte, 15)
fin.Read(flags)
fin.Close()
flags, err = rsDecode(rs6, flags)
flags, err = rsDecode(rs5, flags)
if err != nil {
mainStatus = "Input file is corrupt and cannot be decrypted."
mainStatusColor = color.RGBA{0xff, 0x00, 0x00, 0xff}
return
}
if flags[2] == 1 {
if flags[1] == 1 {
keyfile = true
keyfilePrompt = s("Keyfiles required.")
} else {
keyfilePrompt = s("Not applicable.")
}
if flags[5] == 1 {
if flags[2] == 1 {
keyfileOrderMatters = true
}
} else {
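
Review bot: The flag positions are bare indices that this commit renumbers (`flags[2]` to `flags[1]` for keyfiles, `flags[5]` to `flags[2]` for keyfile order), and the same layout is repeated in the encrypt and decrypt paths of `work()`. Nothing ties the three sites together, so a future reorder can silently misread a header. Define named constants for the five positions and use them in all three places. The count returned by `fin.Read(flags)` is also discarded; check it so a truncated file is reported as such instead of being passed to `rsDecode` as zero bytes.
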
@ -1245,7 +1248,7 @@ func work() {
stat, _ := os.Stat(inputFile)
total := stat.Size()
if mode == "decrypt" {
total -= 789
total -= 786
}
// XChaCha20's max message size is 256 GiB
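
Review bot: The header size is a hand-maintained literal, `total -= 786`, which has to change in step with the encoded flags length (18 to 15 here) and with the seek offset later in `work()` (`312+len(metadata)*3` becoming `309+...`). All three moved by 3 in this commit, which shows they are one quantity. Derive both offsets from named constants for the header field sizes so the next layout change is made in one place.
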
@ -1299,14 +1302,14 @@ func work() {
fout.Write(rsEncode(rs1, []byte{i}))
}
flags := make([]byte, 6)
if fast {
flags := make([]byte, 5)
if paranoid {
flags[0] = 1
}
if paranoid {
if len(keyfiles) > 0 {
flags[1] = 1
}
if len(keyfiles) > 0 {
if keyfileOrderMatters {
flags[2] = 1
}
if reedsolo {
@ -1315,10 +1318,7 @@ func work() {
if total%1048576 >= 1048448 {
flags[4] = 1
}
if keyfileOrderMatters {
flags[5] = 1
}
flags = rsEncode(rs6, flags)
flags = rsEncode(rs5, flags)
fout.Write(flags)
// Fill salts and nonce with Go's CSPRNG
@ -1377,11 +1377,10 @@ func work() {
fin.Read(make([]byte, metadataLength*3))
flags := make([]byte, 18)
flags := make([]byte, 15)
fin.Read(flags)
flags, err3 = rsDecode(rs6, flags)
fast = flags[0] == 1
paranoid = flags[1] == 1
flags, err3 = rsDecode(rs5, flags)
paranoid = flags[0] == 1
reedsolo = flags[3] == 1
padded = flags[4] == 1
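
Review bot: In the decrypt path `flags` is indexed on the line directly after `flags, err3 = rsDecode(rs5, flags)`, with no check of `err3` in between, whereas `onDrop` checks the error before touching the slice. If `rsDecode` can return a nil or short slice on failure, `flags[0]` will panic on a damaged header. Check `err3` (or the slice length) before reading the flags. As with `onDrop`, the result of `fin.Read(flags)` is ignored.
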
@ -1434,16 +1433,7 @@ func work() {
// Derive encryption/decryption keys and subkeys
var key []byte
if fast {
key = argon2.IDKey(
[]byte(password),
salt,
4,
131072,
4,
32,
)
} else if paranoid {
if paranoid {
key = argon2.IDKey(
[]byte(password),
salt,
@ -1527,9 +1517,9 @@ func work() {
keyfileCorrect := true
var tmp bool
keyCorrect = !(subtle.ConstantTimeCompare(keyHash, _keyHash) == 0)
keyCorrect = subtle.ConstantTimeCompare(keyHash, _keyHash) != 0
if keyfile {
keyfileCorrect = !(subtle.ConstantTimeCompare(keyfileHash, _keyfileHash) == 0)
keyfileCorrect = subtle.ConstantTimeCompare(keyfileHash, _keyfileHash) != 0
tmp = !keyCorrect || !keyfileCorrect
} else {
tmp = !keyCorrect
@ -1586,12 +1576,12 @@ func work() {
subkey := make([]byte, 32)
hkdf := hkdf.New(sha3.New256, key, hkdfSalt, nil)
hkdf.Read(subkey)
if fast {
// Keyed BLAKE2b
mac, _ = blake2b.New512(subkey)
} else {
if paranoid {
// HMAC-SHA3
mac = hmac.New(sha3.New512, subkey)
} else {
// Keyed BLAKE2b
mac, _ = blake2b.New512(subkey)
}
// Generate another subkey and cipher (not used unless paranoid mode is checked)
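
Review bot: In the new `else` branch, `mac, _ = blake2b.New512(subkey)` discards the error on what is now the default (normal mode) MAC. With the 32-byte `subkey` allocated above it cannot fail today, since `New512` only rejects keys longer than 64 bytes, but if the subkey size ever changes `mac` would be nil and the failure would surface far from its cause. Handle the error explicitly. The same applies to the unchecked `hkdf.Read(subkey)` two lines earlier, and the local variable `hkdf` shadows the imported package name.
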
@ -1757,7 +1747,7 @@ func work() {
if mode == "encrypt" {
// Seek back to header and write important data
fout.Seek(int64(312+len(metadata)*3), 0)
fout.Seek(int64(309+len(metadata)*3), 0)
fout.Write(rsEncode(rs64, keyHash))
fout.Write(rsEncode(rs32, keyfileHash))
fout.Write(rsEncode(rs64, mac.Sum(nil)))
@ -2032,7 +2022,6 @@ func resetUI() {
split = false
splitSize = ""
splitSelected = 1
fast = false
deleteWhenDone = false
paranoid = false
compress = false


@ -4,7 +4,7 @@ If you would like to run Picocrypt from source, or an executable isn't available
# 1. Prerequisites
Linux:
```bash
apt install -y gcc make libx11-dev libxcursor-dev libxrandr-dev libxinerama-dev libxi-dev libgl1-mesa-dev libxxf86vm-dev libgtk-3-dev xdg-utils libglu1-mesa xclip
apt install -y gcc libx11-dev libxcursor-dev libxrandr-dev libxinerama-dev libxi-dev libgl1-mesa-dev libxxf86vm-dev libgtk-3-dev libglu1-mesa xclip
```
macOS:
```bash


@ -3,19 +3,18 @@ module Picocrypt
go 1.17
require (
github.com/HACKERALERT/clipboard v0.1.5-0.20210716140604-61d96bf4fc94 // indirect
github.com/HACKERALERT/dialog v0.0.0-20210716143851-223edea1d840 // indirect
github.com/HACKERALERT/giu v0.5.7-0.20211027224501-6357f8997cac // indirect
github.com/HACKERALERT/gl v0.0.0-20211027194356-838f5789a406 // indirect
github.com/HACKERALERT/glfw/v3.3/glfw v0.0.0-20211027203414-1b9369ce24d2 // indirect
github.com/HACKERALERT/go-findfont v0.0.0-20211027212021-2e5a409c1318 // indirect
github.com/HACKERALERT/imgui-go v1.12.1-0.20211027214916-5870dfea82b0 // indirect
github.com/HACKERALERT/infectious v0.0.0-20211027225427-984efcfa77a9 // indirect
github.com/HACKERALERT/jibber_jabber v0.0.0-20210819210536-54a4d27b5376 // indirect
github.com/HACKERALERT/clipboard v0.1.5-0.20211215214929-7345ba96aeca // indirect
github.com/HACKERALERT/dialog v0.0.0-20211215220206-17f428aa513e // indirect
github.com/HACKERALERT/giu v0.5.7-0.20211216020632-65de69857557 // indirect
github.com/HACKERALERT/gl v0.0.0-20211216002416-e8bf2db61361 // indirect
github.com/HACKERALERT/glfw/v3.3/glfw v0.0.0-20211216001154-d0da149b3bef // indirect
github.com/HACKERALERT/imgui-go v1.12.1-0.20211216003024-285d689cbdfc // indirect
github.com/HACKERALERT/infectious v0.0.0-20211215232025-9d20874ad4b1 // indirect
github.com/HACKERALERT/jibber_jabber v0.0.0-20211222174950-71570b6ee48b // indirect
github.com/HACKERALERT/mainthread v0.0.0-20211027212305-2ec9e701cc14 // indirect
github.com/HACKERALERT/serpent v0.0.0-20210716182301-293b29869c66 // indirect
github.com/HACKERALERT/w32 v0.0.0-20210716142531-faa7189c4abf // indirect
github.com/HACKERALERT/w32 v0.0.0-20211215215707-4b84c2675d8d // indirect
github.com/HACKERALERT/zxcvbn-go v0.0.0-20210927200100-f131a4666ad5 // indirect
golang.org/x/crypto v0.0.0-20210921155107-089bfa567519 // indirect
golang.org/x/sys v0.0.0-20211025201205-69cdffdb9359 // indirect
golang.org/x/crypto v0.0.0-20211215165025-cf75a172585e // indirect
golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e // indirect
)
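
Review bot: Every entry in the `require` block is still marked `// indirect`, including modules that Picocrypt.go imports directly in this commit (`serpent`, `giu`, `infectious`, `clipboard`, `dialog`, `jibber_jabber`, `zxcvbn-go`, `golang.org/x/crypto`). The marker is meant for transitive dependencies only, so this hides which forks the program depends on first-hand. Run `go mod tidy` from `src/` so direct and indirect requirements are separated and go.sum is pruned to the versions actually in use.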


@ -1,36 +1,31 @@
github.com/HACKERALERT/clipboard v0.1.5-0.20210716140604-61d96bf4fc94 h1:FNwFtZlPggOVFxx1IvUtBfCGZBR7OMhsmXygJAVHkzg=
github.com/HACKERALERT/clipboard v0.1.5-0.20210716140604-61d96bf4fc94/go.mod h1:kkjR9AGvIlIUJdjd/CBL1VfQvyPDE5kL31rAzY/r0s4=
github.com/HACKERALERT/dialog v0.0.0-20210716143851-223edea1d840 h1:7He527vRG3S8tVQHu+ZGl4cJ46JhjDk4/Iu1PevcE+Q=
github.com/HACKERALERT/dialog v0.0.0-20210716143851-223edea1d840/go.mod h1:oeUTfMKn6HhRJ+Lguhk21YAvURR/yk4OkeVcrHpUKbM=
github.com/HACKERALERT/giu v0.5.7-0.20211027223400-815bf822aada h1:IwNXnaf7iL3PaDcgJXCJsDyxZHGkpI7H5QQqvbJUBz4=
github.com/HACKERALERT/giu v0.5.7-0.20211027223400-815bf822aada/go.mod h1:zm4+x/08BnL7sAwOXqyYbaT0qT4x1FbPPeDQqKRKLhY=
github.com/HACKERALERT/giu v0.5.7-0.20211027224501-6357f8997cac h1:8z+sBiBisd96Cf1nI+bikh4bxtmt91Zom52dlz8x8XA=
github.com/HACKERALERT/giu v0.5.7-0.20211027224501-6357f8997cac/go.mod h1:/YCfEOyzu2UlGfOjh41QDQYe1UYCWfj09pD2nXkennk=
github.com/HACKERALERT/gl v0.0.0-20211027194356-838f5789a406 h1:87NS0Fx0EkDPxyDmKad2951/aMJRP2mIiJ3G6jzJI+8=
github.com/HACKERALERT/gl v0.0.0-20211027194356-838f5789a406/go.mod h1:ZUosVzfEKNGLMLk6aj9yo0FSAhWWsbTMjuzeIUXniB0=
github.com/HACKERALERT/glfw/v3.3/glfw v0.0.0-20211027203414-1b9369ce24d2 h1:iuBfCfVs/+LcGafOUDXNqFr7d+5Xh5f6Yovl9gK5xG4=
github.com/HACKERALERT/glfw/v3.3/glfw v0.0.0-20211027203414-1b9369ce24d2/go.mod h1:aP+FSN9tk1W3UsQisFWxRLQ4WOF7T3niq68UYw0B150=
github.com/HACKERALERT/go-findfont v0.0.0-20211027212021-2e5a409c1318 h1:2MNs2kJfnojX01dYJFPtD//0Z03nF9mkMrsKLFvUjqc=
github.com/HACKERALERT/go-findfont v0.0.0-20211027212021-2e5a409c1318/go.mod h1:L2Y9eyXVqwA6v+8o5lVm7vM1eokEvpZN5R1CYSp9vW4=
github.com/HACKERALERT/imgui-go v1.12.1-0.20211027214916-5870dfea82b0 h1:DndFdVvbiyzO4sajMFQ25zwuk5pWPg7DTO5EdfdjaRw=
github.com/HACKERALERT/imgui-go v1.12.1-0.20211027214916-5870dfea82b0/go.mod h1:778OLTsdd7wS4LLtskqROtc93vnzueQ2Y/JMYzHQHiY=
github.com/HACKERALERT/infectious v0.0.0-20211027211519-a810ec917770 h1:oWNxph0qM9CzPww04luj8HJufveToD+VjbESPVhvWw4=
github.com/HACKERALERT/infectious v0.0.0-20211027211519-a810ec917770/go.mod h1:gTfGH7xorTbSHZQZJ/HQBOp18E97v7zDquA2HcI9fgc=
github.com/HACKERALERT/infectious v0.0.0-20211027225427-984efcfa77a9 h1:SwsesmigJhD95MYv5RTkPNvICy3bdOdKX/xbeN8Z+64=
github.com/HACKERALERT/infectious v0.0.0-20211027225427-984efcfa77a9/go.mod h1:m3JCdt8lI79U7J+QavACBRIJBxTaih+2feAHRFq82Wg=
github.com/HACKERALERT/jibber_jabber v0.0.0-20210819210536-54a4d27b5376 h1:8FNjZ8C+WOKpOlQe9vaTq3vBGC7zuFWCVvzkEE6DOHs=
github.com/HACKERALERT/jibber_jabber v0.0.0-20210819210536-54a4d27b5376/go.mod h1:LhYTEuww35ooZaTD3BIjp9CyZqwv++gAnanWXKdiWJ8=
github.com/HACKERALERT/clipboard v0.1.5-0.20211215214929-7345ba96aeca h1:yZj12M2feFkat7l0r7s7QnKjJ4Q6UZOwVHroR4kQ4Nk=
github.com/HACKERALERT/clipboard v0.1.5-0.20211215214929-7345ba96aeca/go.mod h1:kkjR9AGvIlIUJdjd/CBL1VfQvyPDE5kL31rAzY/r0s4=
github.com/HACKERALERT/dialog v0.0.0-20211215220206-17f428aa513e h1:3tBZg/OOLNsQrSf5gZc8y3fXiHVxl+kg/iTs0maa0BA=
github.com/HACKERALERT/dialog v0.0.0-20211215220206-17f428aa513e/go.mod h1:GxPIEf2nKp6Gx+sdpjwTdFIGmW5kj6Jta7rRO50TgpU=
github.com/HACKERALERT/giu v0.5.7-0.20211216020632-65de69857557 h1:2vQfSuzTUDTQKv68HQbic5uJWa1qOBvzHJ3Rngo/70Q=
github.com/HACKERALERT/giu v0.5.7-0.20211216020632-65de69857557/go.mod h1:rq+zzA8hlxAiO0ryOTMuPPm4d2Y4bUx5JRmIfp0fdqQ=
github.com/HACKERALERT/gl v0.0.0-20211216002416-e8bf2db61361 h1:NMPzcOu/LpfEUf0wRZlayjlU0345ujYOWZbVKsfL6g4=
github.com/HACKERALERT/gl v0.0.0-20211216002416-e8bf2db61361/go.mod h1:ZUosVzfEKNGLMLk6aj9yo0FSAhWWsbTMjuzeIUXniB0=
github.com/HACKERALERT/glfw/v3.3/glfw v0.0.0-20211216001154-d0da149b3bef h1:MWA48bM0uKSblAiB51YtMDWEBhJtX+s3HcjlUN7o8cE=
github.com/HACKERALERT/glfw/v3.3/glfw v0.0.0-20211216001154-d0da149b3bef/go.mod h1:aP+FSN9tk1W3UsQisFWxRLQ4WOF7T3niq68UYw0B150=
github.com/HACKERALERT/imgui-go v1.12.1-0.20211216003024-285d689cbdfc h1:40aJqXAQbh6KjMN1QEzmPrwcNYCJsJH4uGS+nDa+k4Q=
github.com/HACKERALERT/imgui-go v1.12.1-0.20211216003024-285d689cbdfc/go.mod h1:Yo2L7QsU7d+Y6+Uput8+3AHYji0EFojRg4Sokun4Xb0=
github.com/HACKERALERT/infectious v0.0.0-20211215232025-9d20874ad4b1 h1:+Qp4t5OHvokaLdZO7Y1i7pX+i85kNtrHRzCg7S+Lj/s=
github.com/HACKERALERT/infectious v0.0.0-20211215232025-9d20874ad4b1/go.mod h1:Nr/zKoJunuzBaGVWwWRNz9F2D3iEXuBNWjRu3tgunYI=
github.com/HACKERALERT/jibber_jabber v0.0.0-20211215234401-c23e432f628b h1:/oowRlgjIPB9nTJGoRssumobxLz0q0GL5Sump5Wf3Vo=
github.com/HACKERALERT/jibber_jabber v0.0.0-20211215234401-c23e432f628b/go.mod h1:LhYTEuww35ooZaTD3BIjp9CyZqwv++gAnanWXKdiWJ8=
github.com/HACKERALERT/jibber_jabber v0.0.0-20211222174950-71570b6ee48b h1:Rl9dd3fhAtzbIE4AJeU2x4gwI0dHA1kXsn9v0AZJDOE=
github.com/HACKERALERT/jibber_jabber v0.0.0-20211222174950-71570b6ee48b/go.mod h1:LhYTEuww35ooZaTD3BIjp9CyZqwv++gAnanWXKdiWJ8=
github.com/HACKERALERT/mainthread v0.0.0-20211027212305-2ec9e701cc14 h1:DwWXverhu/dEsPM/GPykuHGh4SxW69DaGZL5t3fANG4=
github.com/HACKERALERT/mainthread v0.0.0-20211027212305-2ec9e701cc14/go.mod h1:jW534e7roGur9mmzAfPxZLQzKXZ+GE5+XeS7PSyqPbo=
github.com/HACKERALERT/serpent v0.0.0-20210716182301-293b29869c66 h1:YDpFq+y6mRcu97rn/rhYg8u8FdeO0wzTuLgM2gVkA+c=
github.com/HACKERALERT/serpent v0.0.0-20210716182301-293b29869c66/go.mod h1:d/+9q3sIxtIyOgHNgFGr3yGBKKVn5h3vL4hV1qlmoLs=
github.com/HACKERALERT/w32 v0.0.0-20210716142531-faa7189c4abf h1:L25UAtgOR6GC0TrLxaIx1Q3vUhd3SilulIPuEw+PkxI=
github.com/HACKERALERT/w32 v0.0.0-20210716142531-faa7189c4abf/go.mod h1:S+3Ad2AEm5MhhuHJeAaXUmyAXON0qFDxcP/Chw8q7+Y=
github.com/HACKERALERT/w32 v0.0.0-20211215215707-4b84c2675d8d h1:Ey0tgsr4MbX64pkl7Di26yUUQGG3mmZw8gUWqhQeW5g=
github.com/HACKERALERT/w32 v0.0.0-20211215215707-4b84c2675d8d/go.mod h1:S+3Ad2AEm5MhhuHJeAaXUmyAXON0qFDxcP/Chw8q7+Y=
github.com/HACKERALERT/zxcvbn-go v0.0.0-20210927200100-f131a4666ad5 h1:cIW3wwoeZ6zru8VhdoGlZAinG+6ObzHx7BgQxUfhF34=
github.com/HACKERALERT/zxcvbn-go v0.0.0-20210927200100-f131a4666ad5/go.mod h1:nykydiYjCDMkF/2vQXSPM38vR5N9W1DITHvupnN+eOk=
golang.org/x/crypto v0.0.0-20210921155107-089bfa567519 h1:7I4JAnoQBe7ZtJcBaYHi5UtiO8tQHbUSXxL+pnGRANg=
golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1 h1:SrN+KX8Art/Sf4HNj6Zcz06G7VEz+7w9tdXTPOZ7+l4=
golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20211025201205-69cdffdb9359 h1:2B5p2L5IfGiD7+b9BOoRMC6DgObAVZV+Fsp050NqXik=
golang.org/x/sys v0.0.0-20211025201205-69cdffdb9359/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/crypto v0.0.0-20211215165025-cf75a172585e h1:1SzTfNOXwIS2oWiMF+6qu0OUDKb0dauo6MoDUQyu+yU=
golang.org/x/crypto v0.0.0-20211215165025-cf75a172585e/go.mod h1:P+XmwS30IXTQdn5tA2iutPOUgjI07+tq3H3K9MVA1s8=
golang.org/x/sys v0.0.0-20211215211219-4abf325e0275/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e h1:fLOSk5Q00efkSvAm+4xcoXD+RRmLmmulPn5I3Y9F2EM=
golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
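
Review bot: go.sum carries several pseudo-versions of the same module side by side (three of github.com/HACKERALERT/jibber_jabber, four of golang.org/x/sys, two of golang.org/x/crypto), and this rendering has lost the +/- markers, so it is not visible which entries the commit drops. Please confirm the file was regenerated with `go mod tidy` and that `go mod verify` passes. Every github.com/HACKERALERT module here is pinned to an untagged commit, which a reviewer cannot assess from the hash alone, so the commit message should say what each bumped pseudo-version changes.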

View file

@ -1,5 +1,5 @@
[Desktop Entry]
Version=1.21
Version=1.22
Encoding=UTF-8
Type=Application
Terminal=false
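
Review bot: `Version=1.22` puts the application release number in the wrong key. In a Desktop Entry file, `Version` is the version of the Desktop Entry Specification the file conforms to (for example `1.0`), not the program's own version, and validators such as `desktop-file-validate` check the value against the known specification versions. Suggest setting it once to `Version=1.0` so this file no longer needs a bump on every release. The `Encoding=UTF-8` context line is deprecated by the same specification and can be dropped in the same change.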

View file

@ -1,7 +1,7 @@
name: picocrypt
summary: A very small, very simple, yet very secure encryption tool.
description: Picocrypt is a very small, very simple, yet very secure encryption tool that you can use to protect your files, generate checksums, and much more. It's designed to be the go-to tool for encryption, with a focus on security, simplicity, and reliability. Picocrypt uses the secure XChaCha20 cipher and the SHA3 hash function to provide a high level of security, even from three-letter agencies like the NSA. It's designed for maximal security, making absolutely no compromises security-wise, and is built with Go's standard x/crypto modules. Your privacy and security is under attack. Take it back with confidence by protecting your files with Picocrypt.
version: "1.21"
description: Picocrypt is a very small, very simple, yet very secure encryption tool that you can use to protect your files, generate checksums, and much more. It's designed to be the go-to tool for encryption, with a focus on security, simplicity, and reliability. Picocrypt uses the secure XChaCha20 cipher and the Argon2 key derivation function to provide a high level of security, even from three-letter agencies like the NSA. It's designed for maximal security, making absolutely no compromises security-wise, and is built with Go's standard x/crypto modules. Your privacy and security is under attack. Take it back with confidence by protecting your files with Picocrypt.
version: "1.22"
confinement: strict
base: core20
grade: stable
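
Review bot: the rewritten `description` still says the tool "is built with Go's standard x/crypto modules", but the go.sum on this same commit page resolves github.com/HACKERALERT/serpent and github.com/HACKERALERT/infectious next to golang.org/x/crypto, so the sentence does not cover everything that is linked in. Suggest naming which primitives come from x/crypto and which come from the project's own modules. Separately, `version: "1.22"` is now hand-edited here and in the desktop entry; taking it from a single source would stop the two drifting apart.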
@ -20,7 +20,6 @@ parts:
source: .
build-packages:
- gcc
- make
- libx11-dev
- libxcursor-dev
- libxrandr-dev
@ -30,10 +29,8 @@ parts:
- libxxf86vm-dev
- libgtk-3-dev
stage-packages:
- xclip
- xdg-utils
- libglu1-mesa
- language-pack-en-base
- xclip
after:
- desktop-glib-only
desktop-glib-only:
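
Review bot: `stage-packages` loses two entries net (the hunk goes from 10 lines to 8, with `- xclip` moved to the end of the list), and nothing records why they are no longer needed at runtime. The rendering has lost the +/- markers, so it is not visible which two of `xdg-utils`, `libglu1-mesa` and `language-pack-en-base` are removed. Under `confinement: strict` the snap cannot fall back on host packages for what it stops staging, so please name the removed packages in the commit message and confirm the strict build was launched and exercised (window creation, clipboard, file dialogs) after the change.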

File diff suppressed because it is too large

View file

@ -1 +0,0 @@
This is the latest and in-development version of Picocrypt. It might be unstable (and might not even work), as it will have new fixes and features, so I recommend you not use any file in here for production.