Nostr Web Client

I'm curious to hear your thoughts on multi-guardian security, where email could be just one of the options. This would open the door to "social recovery", which I think is probably the best recovery method for non-technical people.

I'm not entirely sure how to implement this into Nostr, but maybe it's worth exploring?

https://www.ready.co/learn/what-is-social-recovery

https://vitalik.eth.limo/general/2021/01/11/recovery.html

hodlbod 2w ago 💬 1

Social recovery of keys with shamir secret sharing is a great tool, and under-utilized so far. I actually recently wrote a NIP for key migration: https://github.com/nostr-protocol/nips/pull/2137

The project I was alluding to before is less secure, but is more user-friendly. It uses shamir secret sharing to shard keys to multiple custodians who can then collaboratively sign events using FROST. The user can then recover their key (or log in again) by going through an email based challenge flow: https://github.com/coracle-social/pomade

Reply to this note

Please Login to reply.

Discussion

hodlbod 2w ago

I should also say that in theory the "mailer" and the "email address" could be anything, so you could implement recovery via twitter DM, simplex, carrier pigeon, etc.