How long will it be before the first mass-leaking of #nostr npriv keys? Taking all bets
Discussion
lmaooooo v scary thought
Seems inevitable. Everyone is pretty cavalier about pasting nprivs. It’s only a matter of time before an exploit is found on a popular client.
aaah i see i see
i use nos2x on browser so im gucci prolly
but e.g. the amethyst app doesnt need to have an extension right?
Browser extension helps. You probably won’t be in the first wave.
Let’s not forget though that LastPass was recently breached.
does nos2x have the same vulnerability as LP?
They’re very different. I don’t have any special knowledge about either.
My original post was more about the general inevitability of a leak by *some* system.
The bounty for such a leak is arguably higher on nostr than in legacy social media. If you’re able to bulk-compromise npriv keys, you can hijack everyone’s zaps, at least until the problem is contained.
But they are not stored centrally anywhere, so how would that even happen?
Off the top of my head: XSS vulnerability on a web-based nostr client.
Soon
Whoops, I meant nsec.
Bitcoin: xpub/xpriv
Nostr: npub/nsec
Why?