by bscphil 2095 days ago
That's right. But you'd have to attack an extraordinary number of transfers to have even a small chance of managing to get one by luck, and an attack of that scale would very quickly become obvious since everyone would have their transfers interrupted. I agree with you in principle, though; I'd like to see just a bit more entropy.
2 comments

> a bit more entropy

The appropriate use of "bit" here made me smile.

Increasing the passphrase to four words would bring the odds up to 1 / 6,990,080,303,376. In magic-tunnel I believe there is a flag to change the number of words used by default. It appears that schollz/croc allows you to use your own passphrase, but not increase the default word size; that would be a good feature request.
You're quite right, of course, but keep in mind that magic-wormhole is using a much smaller wordlist, and in fact only has 1 / 65536 odds by default. The people writing software in this space don't seem to believe this is a credible threat.
You can use whatever string you want as the passphrase for Magic Wormhole; the receiver just won't get tab completion.
How would tab completion work in a situation like this? Are the clients exchanging information about the passphrase over the same communication channel?