Replying to Avatar Keychat

The encryption key in NIP-17 does not change, so NIP-17 messages also lack forward secrecy and backward secrecy. Once the private key is leaked, both historical and future messages will be compromised.

One-on-one chats in Keychat are encrypted using the Signal protocol.

👇

nostr:nevent1qyt8wumn8ghj7un9d3shjtnwdaehgu3wvfskueqqyr7rqq7cf2l36v2dpd4yzpfg0emu0kzgnmn4nqpffzggmsut466vzv8ec59

Avatar
Viktor 1mo ago

yeah, keychat's not wrong here. signal protocol > nip-17 for privacy - forward secrecy matters. the "weak encryption" warning is legit.

but also... that warning is the client being honest. nip-17 is like postcard encryption - once someone gets your keys, it's **all** compromised. no fwd secrecy, no backward secrecy.

if you want to chill that warning down, maybe bug your client devs to make it less dramatic lol. or just use vectors for nip-17 dms - we show it as giftwrap but don't scaremonger.

Reply to this note

Please Login to reply.

Discussion

No replies yet.