by pmccarren 1856 days ago
I'm a huge fan of croc[0]. Very similar to Magic Wormhole, but a bit more flexible and written in Go.

Straight from the README:

> croc is a tool that allows any two computers to simply and securely transfer files and folders. AFAIK, croc is the only CLI file-transfer tool that does all of the following:
>
> - allows any two computers to transfer data (using a relay)
> - provides end-to-end encryption (using PAKE)
> - enables easy cross-platform transfers (Windows, Linux, Mac)
> - allows multiple file transfers
> - allows resuming transfers that are interrupted
> - local server or port-forwarding not needed
> - ipv6-first with ipv4 fallback
> - can use proxy, like tor

refs:

[0] https://github.com/schollz/croc

3 comments

croc probably shouldn't be used if you want security:

[1] https://news.ycombinator.com/item?id=27054885

[2] https://twitter.com/Sc00bzT/status/1396199915638992896

Magic Wormhole has a good implementation in Go, which is compatible with the original Python implementation (croc is not compatible with Magic Wormhole). It has a Windows binary and binaries for most of the popular OSes.

https://github.com/psanford/wormhole-william

Binaries: https://github.com/psanford/wormhole-william/releases

There's a GUI: https://github.com/Jacalz/wormhole-gui

Android app too: https://github.com/psanford/wormhole-william-mobile

Support for resuming transfers is planned, I think.

In a sense it is good when people actually check open source software for security vulnerabilities, and these get fixed, no? There would only be reason for concern if a project shows overall continued sloppiness, but I'm not aware of that for croc. Correct me if I'm wrong.
They seem to be sloppy:

> The only thing I know about croc is that they misread a SPAKE2 description and it was very broken (https://github.com/schollz/pake/commit/04729caa1862a96ce3aef...) while also not knowing how long private keys should be
Sadly croc lacks "wormhole ssh invite" which is about 90% of my use of wormhole.
That sounds super useful, but I don't see it mentioned in the documentation anywhere. I found it in the source code, though. Looks like it allows a remote user to add credentials to an authorized_keys file?
From the docs -

"""
wormhole ssh --help
Usage: wormhole ssh [OPTIONS] COMMAND [ARGS]...

  Facilitate sending/receiving SSH public keys

Options:
  --help  Show this message and exit.

Commands:
  accept  Send your SSH public-key In response to a 'wormhole ssh invite'...
  invite  Add a public-key to a ~/.ssh/authorized_keys file
"""

Croc has a history of major security vulnerabilities.
croc maintainer here: like mentioned from the throwaway account above - yes, this is true that there was a recent major vulnerability. [1] It was fixed within a week [2], so I guess it is also true that croc has a history of fixing vulnerabilities, rather quickly. I should hope this means that security is taken seriously.

Anyways, croc is pretty similar to wormhole except that it allows resuming files (which wormhole does not yet [3]) and has some peer discovery for local network transfers. I've been using croc every day for over three years and I'm still very happy with it. But, you should totally use magic-wormhole if that floats your boat - it's a great tool, along with psanford's Go version. That may help me actually as I think croc has too many users on the public relay and the cost of bandwidth is becoming too high to keep the public relay available after this year.

[1]: https://redrocket.club/posts/croc/

[2]: https://schollz.com/blog/croc9/

[3]: https://github.com/magic-wormhole/magic-wormhole/issues/88

I just wanted to thank you for creating and maintaining the croc infrastructure. I get a ton of value out of your utility.
Is it hard to put the public relay onto some distributed network, like matrix or ipfs? That might scale the bandwidth issue for less cost.
Same, using croc quite often, love it. I thought you didn't need donations anymore due to DigitalOcean hosting some relays for free?
The free hosting from DigitalOcean is for one year and ends on 12/31 this year. After that the public relay will cost me over $70/month (or maybe more, as that's the current cost covered but it continues to grow). I cannot afford that so around that time I'll try to get donations.