Nostr Web Client

No, they can’t login using it either but I think nobody has the nsec as it’s probably generated cryptographically and never stored anywhere. Someone correct me if I’m wrong please.

Alex Gleason 2y ago

Nsecs are generated by combining the ActivityPub ID with a secret key and then hashing it. It's technically custodial keys I guess, but they're not stored in a database, just computed at runtime and cached for the duration of the session.

Reply to this note

Please Login to reply.

Discussion

Disturbia 2y ago

interesting. theorically can anyone hack this keys and start messing around on nostr (for mastodon users)

Disturbia 2y ago

Nice and Kind Vic 2y ago

yes, if you guess the secret, which may be a different salt for each user for more fun

The Daniel ⚡️ 2y ago

Thanks nostr:npub108pv4cg5ag52nq082kd5leu9ffrn2gdg6g4xdwatn73y36uzplmq9uyev6, I guess I understood it correctly! What is the risk of a key becoming compromised?