Key rotation + Derived keys fixes this? nostr:npub1gzuushllat7pet0ccv9yuhygvc8ldeyhrgxuwg744dn5khnpk3gs3ea5ds #SovEng
Discussion
That definitely minimizes the risk and reduces the damage it can cause, but it can't do anything about a particular piece of software
I will have a proposal to standardize this in a more robust and secure way by Friday, I would like to have your opinion regarding the ux 🤙
It cannot fundamentally fix this, since the nsecbunker carries out the crypto operations with the nsec, it has to be used there in plain text, i.e. it has to be in memory at least for a short time.
I know. But I'm imagining that that nsec is a derived nsec from your main one in cold storage (something gzuuus starting working on).
So a normie makes an account at a bunker provider.
The bunker can see that nsec.
But when the normie is ready he can rotate to a new nsec he derived from a mother nsec in cold storage.
Or he can rotate to another nsec from another bunker provider in case of rug pull.
yes, it mitigates the consequences if a key is lost.