No, it is a static unchangeable password. Graft can't "manage" user accounts, it just has one user with password. It does not support keyfiles or other authentication mechanisms.
I wrote graft to have a simple portable tool for transfering files in a network without shares - the main idea behind it was to run:
graft serve myfiles/*.txt
on the server side and then
graft receive
on the client side without having to remember the ip or hostname - because zeroconf / mdns is used, it will find the server automatically, if the network is not too big. If there is more than one server, it will prompt you to choose the right one.
I only used SFTP, because it is a secure way to transfer files over the network.
> graft will prompt for a password, run an sftp server and promote it via zeroconf.
Is that a one time password that will be used by the "receiver" to download the file?