by voiper1 1869 days ago
I'm liking croc with a CLI on each end.
1 comments

croc just had multiple major vulnerabilities discovered that required protocol breaking changes to fix: https://redrocket.club/posts/croc/
So fixed, right?
You should be wary of projects that claim to be secure but have a history of game over vulnerabilities.
Crypto is hard; it doesn't wrongly claim it's secure. It's a one-man show. Isn't that where the beauty of open source lies? Some students were able to get a (purposeful) bug into Linux to show how easy it was. Or even the example of OpenSSL after Heartbleed. A fresh set of eyes looks into the code, things get fixed. We have a log of it, developers learn something, and the project moves ahead.
As I was saying... another vulnerability was found in croc's SPAKE implementation in the last day: https://mailarchive.ietf.org/arch/msg/cfrg/icl1AGo62iq8vQM3-...