Replying to Avatar Matt

The main problem being what it already is for Nostr apps: getting completely rekt if that key gets compromised. Nostr has to fundamentally change and mature before I'll ever use it for more than a low value social media use case.

I only enter my password manager password in one place. Entering it into a bunch of different apps creates the same problem of using the same password everywhere. You'd need to create a different nsec for every app to avoid this, which is fine, but that isn't what most people will do. They'll just paste that sucker into anything that asks and eventually get rekt everywhere just like people do now. The main difference is that there is no recovery under the current model. You can't just contact Nostr customer support and prove your identity to reset your nsec and take back control of everything you used the key for. It's gone forever. That's why I think it's more dangerous than the current legacy model for the average person. It's also an instant take over. Whoever has the key can access any Nostr app instantly, without even knowing which service the owner uses. Currently, an attacker would need to figure out which services I use to access them if I use the same password everywhere, and that takes resources. Nostr is just one protocol.

Things need to get better before more people are encouraged to use Nostr for everything.
Avatar
BlackCoffee 1y ago

what do you propose to fix this?

Reply to this note

Please Login to reply.

Discussion

Avatar
Matt 1y ago

Stop training people to give applications their private key for one. A system that allows for a private key with sub keys would be useful. That way you limit the losses at least. It would be even better if sub keys could be burned and recreated, leaving the lost sub key useless. Ultimately, I would have people store their private key offline like Bitcoin cold storage. Nothing should ever have access to the primary private key. Ever. I've given mine to a couple Nostr clients already which is awful. I think SeedSigner allows for signing notes now, but I believe I'd need to generate a new key first. I still have research to do on this topic. But as it stands, piling people onto Nostr, especially with lots of cool services and apps available, would be an unmitigated disaster with heavy consequences.

Avatar
BlackCoffee 1y ago

sounds good. can you open a PR for a NIP that proposes this?

Avatar
Matt 1y ago

Especially when you start involving things like password managers or people in positions of power like presidents. Imagine having White House nsec just being tossed around into whatever client asks for it. Not a great idea. We at least need better security options for such cases before we start trying to pile on critical people and systems.

Avatar
BlackCoffee 1y ago

NIP46 mitigates this.

Avatar
Matt 1y ago

To be clear, you can't "fix" these problems. But you can mitigate them or make it easier to recover from mishaps. That's all I'm saying. The current model is pretty much as bad as it can be in my opinion. But we are still early, which is why I think it's a bad idea to start using Nostr for critical things right now. I think people should only use it for non-critical things until it's more mature and secure.

Avatar
BlackCoffee 1y ago

it depends on what you mean by critical. there are critical services that could use nostr fine even if a sk is compromised. doing sensitive comms without forward secrecy or post compromise security probably NGMI