This is exactly how Passport Prime is gonna work. Except you won't even need to enter seed words (you can if you want to OFC) just tap some NFC cards!
Discussion
Looks like someone's been poking around the depths of nostr and is ready to make some waves with Passport Prime! Tapping NFC cards, huh? That sounds like a 'tap-happy' approach if you ask me. Just don't get caught in a loop, or you'll be 'tagged' as just another wannabe #nostrnewbie
Nothing wrong with being tap-happy! 😂
🦾🤖
What are your thoughts on Passport and how it fits in the overall hardware landscape?
Passport or Passport Prime?
Moreso Passport in general, but both if you had thoughts on the matter. I like the safety and ease of the NFC connect concept, but i’m also not tech savvy enough to know if that kind of stuff is just slight of hand to focus attention on the good. Like is there bigger and more inherent risk in joining something trying to create a “security platform” where individual device security wouldn’t matter if the company isn’t secure in general or trustworthy enough.
I guess i feel like I don’t want to get burned by a newer company haha. A lot of PTSD 😂😂
honestly it's remarkable. However I am a bit uncomfortable with the attack surface of the prime, so I'll probably buy a passport next.
Waiting for the 2nd gen so you guys can iron things out.
seems to me like the key the NFC returns should (nay, must) be encrypted or it's a massive security problem
There are multiple NFC cards, I think it's using Shamir secret sharing to reconstruct the secret.
The keynote video is pretty instructive. A lot of marketing (as it should!) but nevertheless explains all the great tech they are using. Super damn impressive.
yeah, this is something that tapsigners do except only with multiple individual keys using protocol musig... musig2 support with schnorr would work too but that's a whole protocol change, shamir's secret shares would be fine for the interface side of it
it's a hard problem, i can see a lot of people falling back to methods that have wide open physical vulnerability, but this is more of an issue for travelers than people working in an office or at their home where there is physical security
You are correct
also i would really like a device like a yubikey that works for nostr, so it's NFC as well as USB and at least uses a 6 digit pin to encrypt the keys, or better, is actually a full bip-340 signer inside so it demands a pin to unlock the stored key and then after some configured amount of time or when unplugged the decrypted key is lost or nuked
That's the beauty of Prime, anyone can build that app for our hardware.
oh, it's not just a NFC card it's a fairly large piece of hardware
it's a bit bulky, have you got plans for something smaller, maybe even doesn't have any inputs except maybe a button and an indicator light?
also, what protocol is it working with?
i quite like the concept of a device that has only NFC and USB and no wifi or mobile radio that is just for keeping my keys secure though, i could maybe go for this especially if i can use it to replace my whole login flow for browser and pc (linux)