by throwaway67114 1852 days ago
croc probably shouldn't be used if you want security:

[1] https://news.ycombinator.com/item?id=27054885

[2] https://twitter.com/Sc00bzT/status/1396199915638992896

Magic Wormhole has a good implementation in Go, which is compatible with the original Python implementation (croc is not compatible with Magic Wormhole). It has a Windows binary and binaries for most of the popular OSes.

https://github.com/psanford/wormhole-william

Binaries: https://github.com/psanford/wormhole-william/releases

There's a GUI: https://github.com/Jacalz/wormhole-gui

Android app too: https://github.com/psanford/wormhole-william-mobile

Support for resuming transfers is planned, I think.

1 comments

In a sense it is good when people actually check open-source software for security vulnerabilities, and these get fixed, no? There would only be reason for concern if a project shows overall continued sloppiness, but I'm not aware of that for croc. Correct me if I'm wrong.

They seem to be sloppy:

> The only thing I know about croc is that they misread a SPAKE2 description and it was very broken (https://github.com/schollz/pake/commit/04729caa1862a96ce3aef...) while also not knowing how long private keys should be