auth is just asking you to prove ownership of a public key

this acts as at least a temporary identity for a session

at best a way to prove you deserve to access privileged data (your DMs)

it is identical in every respect except algorithms to how all password authentication systems work - it's not the password that is stored, it is the hash of the password...

NIP-42 is like CHAP, which is used for dialup and ADSL internet, it sends you a random string, you generate a response, and only teh valid password produces a valid response