Avatar
Niel Liesmons 1y ago

Keymoji:

Making normies create & remember secret keys.

https://cdn.satellite.earth/bed7cc8dbd2e0714cef59339ab5b8f12a31e009addcc7f95a21a71614a5eebd2.mov

Yes, it's a stupid idea.

Yes, it's something you would never do for a bitcoin address.

Yes, it kinda supposes key-rotation will a thing at some point.

Yes, it needs to be combined with a great "login"-flow for other apps (which I'll share this week 😉)

But,

It puts keys in the minds of normies. Literally.

(insane how fast people can remember even randomly created Keymoji's in my tests)

It doesn't hide nsecs in honepot-bunkers or behind email-looking sign up flows.

It doesn't use the English-only 12 words seed phrase.

It avoids clipboards and even if users are stupid enough to save a screenshot of the emoji's, it's only one part of the key.

The lazy way is (to let the app generate the emoji's + line for you) is the most secure way.

Think about it 🙃.

#nostrdesign

Reply to this note

Please Login to reply.

Discussion

Avatar
imnuso 1y ago

Cool approach

Avatar
PastaGringo 🤖⚡ 1y ago

Your design are so pleasant ⚡😅

Avatar
Niel Liesmons 1y ago

Pleasant is 💯 what I go for.

Avatar
Big Barry Bitcoin 1y ago

Would love to see login flow and/or restore process.

I think we should heavily consider how likely we will see collisions in the wild, especially as people are likely to copy each other even if subconciously.

There are a lot of emojis, but most people use/care for only a handful of them.

Avatar
Christian 1y ago

Probably lots of reasons why this is a risky approach to key generation, but it is thinking outside the box - like it very much. I've only seen the keymoji video once, but I remember they key with ease.

Avatar
Niel Liesmons 1y ago

Yup, but so far I find good enough "solutions" to all those reasons/risks.

Even just generating the emoji's for the user is 10x better UX then giving them 12 English seed words.

I keep showing Keymoji's to people and they remember it instantly and have fun.

When I show them 12 words they fall asleep.

Avatar
Christian 1y ago

I don't disagree!

Avatar
ᴛʜᴇ ᴅᴇᴀᴛʜ ᴏꜰ ᴍʟᴇᴋᴜ 1y ago

there is a 1 to one for those of us who are good at memorising tho, you should allow that in the input and show the BIP code words in the output

beware, i will make a tardar grumpy cat meme about you otherwise

https://i.nostr.build/eZlY2.webp

Avatar
47 1y ago

really cool and novel idea. Nice work!

Avatar
Luk₿lack 🧡🎩💜⚡ 1y ago

I like these solutions even it's a bit risky.. It reduces the entropy but with right attitude.. You can teach to normies how to raise it! 🎩🧡💜⚡

nostr:nevent1qqs997e0zun038pk6mfz7sqcc57hm324w6f586w5f0p8ne3t7drd4qspz3mhxue69uhhyetvv9ujumn0wd68ytnzvupzp22rfmsktmgpk2rtan7zwu00zuzax5maq5dnsu5g3xxvqr2u3pd7qvzqqqqqqyxwwxtg

Avatar
daniele 1y ago

It has some flaws, but somehow I like it, it's an interesting solution; exploitation of visual memory in the UX and security is underestimated.

The first point to check is the entrophy and robustness of the generated key; 4 emoji seems really few (consider also that the full list has 1874 emoji, bip39 has 2048 words), but a password with an imposed min lenght could make the difference.

PS: I really like your attention for design's details, well done Niel.

Avatar
Niel Liesmons 1y ago

There are 3664 emojis, no?

Avatar
ᴛʜᴇ ᴅᴇᴀᴛʜ ᴏꜰ ᴍʟᴇᴋᴜ 1y ago

you only need 2048, otherwise it's an ugly codebook

Avatar
Niel Liesmons 1y ago

Noted ✍️

Avatar
daniele 1y ago

I checked this https://unicode-org.github.io/emoji/emoji/charts-15.0/emoji-list.html and it seems updated to unicode v15.1. Where do you count 3664?

Btw, some emojis have just a slight difference, e.g. color, and this could make harder recall the correct one.

Avatar
Niel Liesmons 1y ago

https://emojipedia.org/stats

1. Skin color, gender etc nearly double those 1874 in the unicode list

2. It's ok if you don't recall the correct one exactly, because you have infinite tries and know what to look for

Avatar
ᴛʜᴇ ᴅᴇᴀᴛʜ ᴏꜰ ᴍʟᴇᴋᴜ 1y ago

There is only 1874 base emojis? That's too few. If you cut to 1024 from that, it's 10 bits per symbol and you'd need to extend to 14 for the same bit size.

I think 2048 symbols is too many, also.

But so long as you give the set as an input panel, ok.

Avatar
Niel Liesmons 1y ago

1️⃣ Best case math:

Emoji's 👉 3664^4 x (16 x 15 x 14 x 13) x 4 x 4 x 4 = 5E20

Normie Password 👉 guesstimate for >8 letters = 1E9

Total = 5E29 = 98 bit

2️⃣ Usual case math:

Emoji's 👉 1848^4 x (16 x 15 x 14 x 13) x 2 x 2 x 2 = 4E18

Loser Password 👉 guesstimate for >8 letters = 1E6

Total = 4E24 = 81 bit

3️⃣ Worst case math:

Emoji's 👉 500^4 x (8 x 7 x 6 x 5) x 2 x 2 x 2 = 8,4E14

Laughable Password 👉 guesstimate for >8 letters = 1E4

Total = 8,4E18 = 62 bit

Avatar
ManiMe 1y ago

I’m not sure why “remembering” one’s private key would even be a UX goal? If the problem is secure storage and transfer, why not just solve for that?

Your design requires users to remember an emoji-grid-line thingy AND a password. A simpler “encrypt the nsec” solution only requires a single password to remember.

The NIP49 (ncryptsec) encryption standard for nsec allows for private keys to be copied and and pasted, stored locally, and yes even stored “non-custodial” in the cloud, WITHOUT having to remember anything more than a password.

https://github.com/nostr-protocol/nips/blob/master/49.md

I’ve already implemented this in an onboarding flow for “normies” that generates and stores encrypted keys (and Nip05), simply by entering a username and password. How is this NOT a simpler solution? (Honest question)

https://nostrmeet.me/niel@nielliesmons.com

Avatar
Niel Liesmons 1y ago

Secure storage and transfer are the goal indeed.

Encrypting the nsec locally should be default and NIP-49 has great promise. Especially if it's easy to check whether a FOSS app implemented it and does ONLY that with your nsec. Very cool things you can do then.

Issues I ran into though:

1. How do you transfer the encrypted nsec to another device? Once it's out there, it's out there and your single password will be hacked in no time.

I thought of automatically sending their encrypted nsec to their phone number or email on sign-up with a sign-up link for other devices etc... But nostr:npub1ye5ptcxfyyxl5vjvdjar2ua3f0hynkjzpx552mu5snj3qmx5pzjscpknpr quickly made me realize how dumb that was.

2. How do I onboard users to actual keys (nsec + npub), give them agency, make it fun and have it work for every language?

3. How do they secure their key beyond their device? 12 random English seed words on paper, really!?

4. NIP-05 + password is the worst of both Big Tech and Nostr. (it took me a while and actual tests to see why)

Normies do NOT understand it. It's not an email but looks like it. Why can't they use their own email? Sometimes it's hosted locally, sometimes it's in the cloud. It has a delay. It relies on domains being available. Etc...

Avatar
ChipTuner 1y ago

Maybe I'm too much on the extreme ends here, but since we have no proper cryptographic mechanism for keypairs, if an nsec is ever stolen, you permanently lose your identity and every account that used it for authentication. Because of this, I don't think we should be building any tools that can pose risk to key theft SOLEY for the sake of convenience or on-boarding.

Great the UX is easy, and tons of people sign up, go transferring their keys all over the place and many of them will get their identities stolen.

Yes I understand the argument: well it's probably better than users copy-pasting nsecs everywhere, yeah it probably could be. Still think that's a different argument though. Nostr is different than traditional app UX, I think we need to stop pretending we can make it work how people are "used to it" and educate.

I'm not sure where we need to take these actions, but I will still advocate for less key attack surface area. My signing app doesn't even have the code to extract private keys and likely never will.

Avatar
ManiMe 1y ago

Good points.

Avatar
ChipTuner 1y ago

Something also worth mentioning on the encryption side is: you can't put the toothpaste back in the tube. Once someone, or governments go hoovering up encrypted anything, if the encryption is ever found to be weak, your keys have now been compromised. We saw it happen with early SSL and the NSA, and is likely still happening. But that was just passive attacking, this allows for unrecoverable active attacks.

To my knowledge no other system functions with this much risk. I can't think of another scenario where a user doesn't have the ability to counteract and active attack.

Certificate authorities can issue revocations to limit damage

Bitcoiners can move funds if they get nervous or have many wallets

SSH can issue new certs

PGP can regen or issue revocations

Passwords can be changed

Bank accounts can be closed and reopened

TLS connections are generally short lived

nostr keys have no countermeasure whatsoever.

Avatar
Niel Liesmons 1y ago

Yes. Nostr is going nowhere without key rotation.

Avatar
Niel Liesmons 1y ago

This is also exactly why sending around encrypted nsecs over internet is not something to normalize.

Avatar
ChipTuner 1y ago

100%

Avatar
ManiMe 1y ago

buuuuut … Encrypting nsec for private (everyday) use should still be best practice.

So … right now, I see the best “normie” onboarding experience is to simply encrypt and store (not share) their new nsec “in the cloud”. Let their “web of trust” do the key education. Here’s how:

- incentivize “nostr advocates” to invite their friends.

- ask for U&P (only) upon invite.

- create Nip05 with username.

- encrypt nsec with password.

- allow for logging in ( anytime to the onboarding client) with U&P and pasting OUT encrypted nsec for use in other clients.

- encourage advocates themselves to educate their new friends about key management, recomended clients, quality content and follows, and other Nostr pro tips all from WITHIN the onboarding app.

Tell me there’s a better way for onboarding today…

Avatar
ChipTuner 1y ago

If we are strictly talking on-boarding, can't argue with that. A simple and secure solution first/default. If they want to leave/branch to other clients they can learn how to extract their keys, or try more secure management solutions.

Once client apps get better I can't imagine there will be as much client swapping as we do today. So it doesn't have to be easy to swap clients. I wouldn't swap so often if each client didn't have major UI issues that cause me to switch between them.

I also have to imagine some (or most) mobile clients will simply setup a nip46 signer in-app in the future anyway so if users want to try other clients they just need their starter app which is currently holding their keys, no nsec extraction necessary.

Avatar
ManiMe 1y ago

To your point … I’d like my onboarding client to double as a signer … but without key custody…. In the future.

This is how I see onboarding best practice…. Now all we need is funding to move fwd… 🤷🏻‍♂️

Avatar
ChipTuner 1y ago

>Now all we need is funding to move fwd

Same brother!

Avatar
Niel Liesmons 1y ago

I'm not advocating for transferring keys everywhere and I'm working on a solution that avoids and disincentivizes it when not warranted (95% of cases). Again, above is what I'd do for nsec creation, memory and ease of transfer. Not because I'll make them enter it everywhere.

Putting the keys front and center matters.

Doing that is not at all what people are used to.

The more fun and agency I can built in, the better.

And the smaller the attack surface will be in the end.

Give normies an nsec and see what they do with it. Fun assured 😂 .