webwormhole
FYI: Is this potentially vulnerable? (CVE-2021-31603)
Croc Full Plaintext Recovery https://redrocket.club/posts/croc/
Thanks for sharing the link! It's a good read. Croc's post about fixing the issues discovered is also here: https://schollz.com/blog/croc9/
The PAKE we use is CPace instead of SPAKE2. Specifically, the filippo.io/cpace implementation. By my reading today, I don't believe an analogous vulnerability applies here. That said, I'll leave this open until I hear back from a second opinion. :)