In the current version it works as a “blind signer”, so to speak. I need the device plugged in with Chrome and a NIP-07 extension such as Horse. Certain clients that support NIP-07 authentication will call out via USB over the Horse extension for signing requests. I actually like that I can plug in the device and use nostr as normal but know that my private key is stored on the device, passing back and forth signed events and shared secrets.

The things currently missing that I’m sure are coming:

- Locking/unlocking

- Better key encryption

- Individual event signing

- Preview of event on hardware display

The user experience of just needing a device plugged in (the ‘something you have’ in security) is actually nice with the trade-off in security and event signing. I would love to see a toggle for the user to customize their own experience depending on their security posture and what the key is associated with.


Discussion

Thanks for the reply. I agree, there's definitely peace of mind with a physical device.

For a similar experience with a little less security, something like the Alby extension works well. It can prompt you every time it needs access to your private (or public) key, and it shows you a preview of the JSON that will be signed.

I’ve used Alby and nos2x prior and like what they do. Based on who I am, though, I prefer to manage my keys totally offline. The hardware experience still has a bit to go, but I love seeing the foundational work to get there. It’s not for all users, but then again security is never one size fits all and there are always trade-offs.

Well said. Good luck, I look forward to seeing how this develops.