Replying to Avatar An Capone πŸŒ—

When trying a new client, I always generate a new nsec first, give it a try and see if it's even worth the risk.
Avatar
BTC_P2P 2y ago

That’s a solid tactic. Apparently there is an nsec signer which could be a useful piece of hardware if it can protect nsecs from being compromised when moving between clients. Not sure how it works yet though.

I’m going to keep up with the space and be conservative with the attack surface I expose my nsec to.

Over time I think trusted clients and hopefully a trusted nip can be built / implemented that protects nsecs reliably. That or hardware that accomplished the same thing.

Thanks for the input. Followed, zapped βš‘οΈπŸ§‘πŸ’œ

Reply to this note

Please Login to reply.

Discussion

Avatar
An Capone πŸŒ— 2y ago

Well, there is NIP-07 (browser extension) which is somewhat better than just blindly trusting the client, but it just moves the trust to the extension jnstead of a client.

There is also nsecbunker, which I am not entirely sure how it works yet.

If there was a hw key too, that would certainly be also very cool, tho I am not aware there is such a thing yet

Avatar
BTC_P2P 2y ago

https://shop.lnbits.com/product/nostr-signing-device

Not sure if it just holds the nsec securely or if it can protect from third parties cryptographically when entering in new clients.

Avatar
An Capone πŸŒ— 2y ago

Not sure yet, but it's just a microcontroller (esp32), which is somehow supposed to work with a browser extension implementing the nip-07 I mentioned above.

You still have to use a browser extension. What I'll have to figure out is how exactly is communication between the browser extension and the device is supposed to work.

What I believe could be the case would be, that it would basically implement the nip07 itself and use the extension just to pass the data along to the client.