HACKERALERT / Picocrypt

A very small, very simple, yet very secure encryption tool.
GNU General Public License v3.0

Naming for related tools #185

Closed njhuffman closed 3 months ago

njhuffman commented 3 months ago

I would like to try my hand at creating some tools compatible with picocrypt and will need to name them. On one hand, I'd like the name to show it's related to picocrypt. On the other hand, I want to be sufficiently clear that the tools are not maintained or supported by picocrypt. Do you have any preferences or requests I should consider?

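The tools I have in mind are:

  • android app. This is my real motivation.
  • ios app. Mainly if I can get it "for free" from the android app
  • public backend in go that exposes encrypt/decrypt functions compatible with picocrypt. I will need to rewrite the implementation to separate out the GUI. This will serve as the backend of the mobile app.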

Some names I have come up with so far are picovault and picocryptCE (community edition). I am looking for feedback along the lines of "no opinion, do whatever you want" or "I'd prefer if you left 'pico' out of it", etc.

BigPanda97 commented 3 months ago

I guess an iOS app is probably impossible due to the astronomical paranoid Argon2 parameter choices. Apple strictly limits how much RAM an App can use.

HACKERALERT commented 3 months ago

That sounds exciting! Yes, please feel free to call it Picocrypt CE/Next/Remix or something like that. As long as you don't claim it's the official repository anywhere and link back to the official repository somewhere, I really don't mind how you name it or what you do. If you do make some progress, please send me your repository link; if it's "good enough" for general or even experimental use, I would be happy to link it in the README as a potential community-led continuation of the project.

If you need any help code-wise, feel free to create issues as well and I'll do my best to help, though expect some latency :)

On Fri, May 31, 2024, 9:59 a.m. Nathan Huffman @.***> wrote:

I would like to try my hand at creating some tools compatible with picocrypt and will need to name them. On one hand, I'd like the name to show it's related to picocrypt. On the other hand, I want to be sufficiently clear that the tools are not maintained or supported by picocrypt. Do you have any preferences or requests I should consider?

The tools I have in mind are:

  • android app. This is my real motivation.
  • ios app. Mainly if I can get it "for free" from the android app
  • public backend in go that exposes encrypt/decrypt functions compatible with picocrypt. I will need to rewrite the implementation to separate out the GUI. This will serve as the backend of the mobile app.

Some names I have come up with so far are picovault and picocryptCE (community edition). I am looking for feedback along the lines of "no opinion, do whatever you want" or "I'd prefer if you left 'pico' out of it", etc.


HACKERALERT commented 3 months ago

Also, you can look at the CLIv2 for most of the code that you may need if you are using Go and don't want any GUI code to deal with. It doesn't support keyfiles and some other niche features, but it has the most important things like paranoid mode and RS, so it might be easier to create some sort of interface from than the GUI app source.


njhuffman commented 3 months ago

Thanks, definitely starting with cli v2. It'll be my first time working with go, so likely just moving logic around to get something basic.

Apple limiting the RAM is interesting, I haven't used paranoid mode on Android with termux yet, might be a good sanity check that it is reasonable to run on mobile. Or at least notify users that this might take a while. Same goes for large files.

HACKERALERT commented 3 months ago

Exciting news, I've created a Picocrypt organization (github.com/Picocrypt) and we can work under there in the future. My hope is to eventually migrate Picocrypt into github.com/Picocrypt/Picocrypt so it doesn't depend on me and my limited time and effort won't drag the project down, since I'm sure there are lots of talented people who can write code and are willing to contribute to Picocrypt.

I will start adding members with write access to the organization and write some important policies to ensure security. For now though, @njhuffman if you want to work in something like github.com/Picocrypt/Experiments or something like that, let me know and I can set you up. If you want to work privately under your username, feel free as well. Meanwhile, @BigPanda97 I've seen you around for a while. Interested in becoming a member in the new Picocrypt organization? You'll get write access and can add other members if they qualify (more info later). Everything is very abstract at this stage, but if you're interested, let me know.

HACKERALERT commented 3 months ago

@hakavlad if you want to be a member of the new organization, let me know. You don't have to do anything at all, I'm just looking for a few relatively trusted people to have some access to the repos I will create.

hakavlad commented 3 months ago

Thanks. Accepting a large number of members into an organization increases the attack surface if one of the members is compromised. I guess accepting me into the organization won't make Picocrypt any safer.

HACKERALERT commented 3 months ago

@hakavlad Indeed, which is why I'll keep my own repository for people who are paranoid. But I don't want Picocrypt to stop at where I left it, so I do want some way to have it continue to be developed by the community. Of course, figuring out how to securely have collaborators is a bit of a difficult question. Any suggestions?

HACKERALERT commented 3 months ago

One obvious way is to require 3 approving reviews before a PR can be merged. As well as giving members write access but not giving anyone admin access.

HACKERALERT commented 3 months ago

Continuing https://github.com/orgs/Picocrypt/discussions/6

BigPanda97 commented 3 months ago

@HACKERALERT

Meanwhile, @BigPanda97 I've seen you around for a while. Interested in becoming a member in the new Picocrypt organization?

Yes, sounds like a good idea. I'm mainly programming in Java, and Java would be needed anyways for the Android app.

HACKERALERT commented 3 months ago

@BigPanda97 Cool, invited you to be a member. You'll have write access, though you won't be able to write anything at the moment because I have protections that require 3 approvals for PRs and there's only 2 members, you and me 😄 There's a lot to figure out and it's my first time with it as well, so bear with me haha. And no pressure to do anything at all, even you just being a member means there's someone who can approve a PR change in a click if need be

njhuffman commented 3 months ago

I'd be interested in joining the organization. Would be cool to see what other people are interested in