Do salt and pepper add any security if the key is already perfectly uniformly random?

Discussion

You need salt, otherwise dictionary attacks are easy.

How can you compute a dictionary for all possible nsecs? Salting is needed for human-memorizable passwords, which have much lower entropy than nsecs.

In 99% of the apps it will be a valid nsec when the decoded string is matched to begin with the text "nsec". That is the confirmation you need to know that the decoding without salt went OK.

The vector of attack is to use a large dictionary of known user-typed passwords against an encrypted nsec without salt nor using the hex version.
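
An added example, not part of the thread above: it shows why the salt protects the password rather than the nsec, by counting how many stored records a single precomputed password table can confirm through the "nsec" prefix. PBKDF2, the XOR cipher, the fixed all-zero salt standing in for "no salt", and all names and sample values are assumptions made for illustration.

```python
import hashlib
import os

ITERATIONS = 10_000        # kept low so the example runs quickly
FIXED_SALT = b"\x00" * 16  # models "no salt": the same value for every user

def keystream(password: str, salt: bytes, length: int) -> bytes:
    # PBKDF2 stands in for whatever KDF the application uses (assumption).
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt,
                               ITERATIONS, dklen=length)

def xor(data: bytes, stream: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, stream))

def encrypt(plaintext: bytes, password: str, salt: bytes) -> dict:
    # Toy XOR cipher, used only so the example needs no third-party library.
    stream = keystream(password, salt, len(plaintext))
    return {"salt": salt, "ct": xor(plaintext, stream)}

def records_confirmed_by_table(records, table) -> int:
    """Count records that a precomputed table decrypts to text starting 'nsec1'."""
    return sum(
        any(xor(rec["ct"], ks).startswith(b"nsec1") for ks in table.values())
        for rec in records
    )

def demo() -> dict:
    # Constructed data: three users who all chose the same weak password.
    # The "nsec1..." strings are placeholders, not valid bech32 keys.
    password = "correct horse"
    secrets = [b"nsec1" + os.urandom(29).hex().encode() for _ in range(3)]
    wordlist = ["123456", "password", "correct horse"]
    # Work done once with the fixed salt, before any record is seen.
    table = {w: keystream(w, FIXED_SALT, len(secrets[0])) for w in wordlist}
    unsalted = [encrypt(s, password, FIXED_SALT) for s in secrets]
    salted = [encrypt(s, password, os.urandom(16)) for s in secrets]
    # Raw 32-byte keys (the "hex version") give the prefix check nothing to match.
    raw = [encrypt(os.urandom(32), password, FIXED_SALT) for _ in range(3)]
    return {
        "unsalted": records_confirmed_by_table(unsalted, table),
        "salted": records_confirmed_by_table(salted, table),
        "raw_unsalted": records_confirmed_by_table(raw, table),
    }

if __name__ == "__main__":
    print(demo())
```

With a random per-record salt the table has to be rebuilt for every record, so the cost of guessing is paid per user instead of once for everyone.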