#asknostr
Discussion
This is why we need robust key rotation specs
A basic start would be adding a profile metadata field for alternate keys and making sure that metadata field is always timestamped by default.
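As an added illustration (not code from the thread), here is how a client could consume such a timestamped alternate-key field on NIP-01 kind-0 profile metadata events, picking the newest announcement from the profile owner and ignoring stale replays, other pubkeys and untimestamped events. The field name `alternate_keys`, the owner pubkey and the sample events are constructed for the example.

```python
import json

OWNER_PUBKEY = "aa" * 32  # constructed placeholder hex pubkey, not a real key

# Constructed kind-0 (profile metadata) events, as a client might receive them.
# "alternate_keys" is a hypothetical field name used only for illustration.
EVENTS = [
    {"kind": 0, "pubkey": OWNER_PUBKEY, "created_at": 1700000000,
     "content": json.dumps({"name": "alice", "alternate_keys": ["bb" * 32]})},
    {"kind": 0, "pubkey": OWNER_PUBKEY, "created_at": 1700100000,
     "content": json.dumps({"name": "alice", "alternate_keys": ["cc" * 32]})},
    # Stale announcement replayed later: must not override the newer one.
    {"kind": 0, "pubkey": OWNER_PUBKEY, "created_at": 1699000000,
     "content": json.dumps({"name": "alice", "alternate_keys": ["dd" * 32]})},
    # Announcement from a different pubkey: must be ignored for this owner.
    {"kind": 0, "pubkey": "ee" * 32, "created_at": 1700200000,
     "content": json.dumps({"alternate_keys": ["ff" * 32]})},
    # Missing timestamp: cannot be ordered against the others, so it is rejected.
    {"kind": 0, "pubkey": OWNER_PUBKEY,
     "content": json.dumps({"alternate_keys": ["99" * 32]})},
]


def latest_alternate_keys(owner, events):
    """Return the alternate-key list from the newest well-formed kind-0 event
    published by `owner`.  Event signature verification is assumed to have
    happened upstream (e.g. in the client's generic event validator)."""
    best = None  # (created_at, keys) of the newest acceptable event so far
    for ev in events:
        if ev.get("kind") != 0 or ev.get("pubkey") != owner:
            continue
        ts = ev.get("created_at")
        if not isinstance(ts, int):
            continue  # untimestamped rotation announcements are not trusted
        try:
            meta = json.loads(ev["content"])
        except (KeyError, ValueError):
            continue  # malformed content: skip rather than guess
        keys = meta.get("alternate_keys")
        if not isinstance(keys, list) or not all(
            isinstance(k, str) and len(k) == 64 for k in keys
        ):
            continue  # only accept a list of 32-byte hex pubkeys
        if best is None or ts > best[0]:
            best = (ts, keys)
    return best[1] if best else []
```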
But imho these are just temporary patches and don't really resolve the core problem. We might need a completely new address format and start anew.
How would a new address format help? Just making it longer to add more randomness or am I missing something?
What I'm trying to say is that #Nostr is npub based, thus vulnerable to long range attacks, like the old P2PK #Bitcoin addresses.
How did changing address format fix that for Bitcoin?
Pubkeys are derived from privkeys by ECC, which can be vulnerable to Shor's algorithm by simply calculating your privkey out of your pubkey. As long as your pubkey is not revealed, there can be no long range attack. P2WSH/P2WPKH only reveal a UTXO address specific pubkey when you spend them (so you have about 10 min for a short range attack).
Thanks for the explanation 🤙
I might have to update my list of essential shit nostr needs nostr:nevent1qvzqqqqqqypzqamkcvk5k8g730e2j6atadp6mxk7z4aaxc7cnwrlkclx79z4tzygqy88wumn8ghj7mn0wvhxcmmv9uq3jamnwvaz7tmswfjk66t4d5h8qunfd4skctnwv46z7qpq5ytyweq7k7589yvvpwv8hnesftdaqe4xl50nmmadjfgldewyjq8qufrfcd
Great list! 👍🧡
Maybe also consider adding an audit of Tor attack vectors like timing analysis / Sybil attacks, especially if #Nostr is used for direct communication.
https://cointelegraph.com/news/tor-germany-timing-attack-privacy
Maybe in general "we need more security audits" should be a point in the list
Or is there something more specific I'm missing for a Tor section of the list?
Most are distracted by their own opinions here. Don't feel bad if nobody replies.
(I'm not smart enough to have an opinion on this topic)
Sometimes people appear naive and blind to the obvious, or am I paranoid?
Once QCs actually start to do ANYTHING, everything is at risk. They haven't done anything yet though, let alone break encryption or DSA. It's good to keep an eye on it, but I don't get the panic.
But this disruption is inevitable sooner or later. And yes, you're absolutely right, everything is at risk, from banks to SSH to TLS...
#Bitcoin as our one and only freedom money will probably be the very first target of the globalist NWO.