Considering that a small deviation from a cryptographic protocol could fully turn ciphertext to plaintext in a revered tool frequently recommended on HN:
I don't know anything about croc, I haven't looked carefully at it, and don't recommend it (or have any opinion on it). Lots of smart people have looked at Magic Wormhole, which is one of the things that makes it neat.
This is a great way to make sure there are no alternatives to Magic Wormhole. If this attitude were common in web browsers, we would only have one piece of software of its kind in every category. No choice for users whatsoever.
What's a good way to make sure of it? Not having any opinion of it, because I haven't looked at it?
There are a lot of alternatives to Magic Wormhole. Unfortunately, most of them are pretty sketchy. One thing I can say about Magic Wormhole: it's not sketchy.
This sounds like a slippery slope. No one is saying not to try anything else; they're saying to make sure and use stuff that is more likely to be safe. In the case of web browsers, we do only use like 4 or 5 out of thousands.
Since not everyone will click the link and read to the end of the post, it seemed worth pointing out that the vulnerability being commented on here was fixed: https://schollz.com/blog/croc9/
https://redrocket.club/posts/croc/
I would hesitate a bit before rushing to use cool kids’ software (until it’s sufficiently proven).