Reminder: NIP-04 DMs have a security flaw.
With significant use (DMs + private zaps + zap payment requests via wallet connect + private lists), an attacker with sufficient hash power can brute force your private key.
Please consider migrating to the new DM with GiftWraps as early as possible.
We also invite all white-hat cryptographers out there to try to break the new system. The sooner we can stress test the design, the better it gets.
How does one switch to the new protocol?
On Amethyst, there is a little incognito icon on the text field that you use to write replies in private chat screens.
Is there any indication that it is working on the other end? If its not enabled on the recipient's side, will communication commense using the insecure method regardless of the setting?
Wtf
Explain how?
I have to defer to Paul on this one: https://github.com/nostr-protocol/nips/pull/715#issuecomment-1675301250
WTF did I just read? 🤔🤡💩
We're all going to get rekt aren't we?
On a scale from 1 to 10 how fucked we are? 🤡
It's really hard to say. You're all being #attacked and #poisoned on a daily basis with #bioweapons like #man-made respiratory #viruses.
You're also being poisoned by the new #drugs and so-called #vaccines they came up with to treat the #bioweapons they #poisoned you with for #profit..🤡🤑☣️🤮🥀⚰️💀
Which is why I wonder, how so many people are still using it.
Migrating isn't a solution yet unfortunately. We're working on auditing it, and/or exploring a SimpleX integration.
I read the SimpleX spec again. I am not sure if it makes sense to integrate. It would almost certainly create additional breadcrumbs that help attackers trace SimpleX messages from Nostr.
Join us to talk about it with Evgeny:
Can you provide more details?
I will defer to Paul: https://github.com/nostr-protocol/nips/pull/715#issuecomment-1675301250
Exciting news!
Não entendo nada disso. Que que eu faço?
Is a nostr private key generated using the same algorithm used for generating bitcoin wallet private keys ? Why don't nostr use 12 or 24 or 24 plus seed phrase type of key generating support?
Mostly because we haven't gotten around to code it :(
Is this a real concern?
What we really need is some sort of revocation scheme to recover from an inevitable key leak.
Why morherfucker?
What the system do to your weak and pathetic ass to be attacked?
Hurt that pathetic ego of false cored understanding?
I'm too dumb to understand
Is this post for lay people like me, or for programmers?
I didn't understood the technical things in this post.
What should I do as a general user, nostr:npub1gcxzte5zlkncx26j68ez60fzkvtkm9e0vrwdcvsjakxf9mu9qewqlfnj5z?
I feel anxious.
