Hacker News
by tialaramex 2361 days ago
FWIW I'd be much more comfortable recommending Magic Wormhole if the default was tweaked to give bad guys only say 1-in-2^32 or worse chance of success.

It's roughly the same reasoning as for your Windows GUI argument. This tool is now very suitable for people who understand what it does, but it is not yet well adjusted for users who lack that understanding.

Today - when most Magic Wormhole users can probably explain what a PAKE is - if you attack a Magic Wormhole transfer and cause errors (by guessing wrong) those users will react by increasing the length of the Wormhole code. But if we popularize it without fixing this default, do you think my sister knows to do that?

1 comments

But in a certain way these things are aspects of the Magic Wormhole CLI, not the underlying tech.

It should be trivial to increase security on failed attempts or use a higher default security for a GUI frontend.

The CLI is clearly meant for somewhat technically versatile users (I mean, it's a CLI), so I think it's normal to do some adaptations when targeting other user groups. E.g. adding explanations of some aspects, in addition to the things I already mentioned, is quite doable for a GUI.