Replying to Avatar Guy Swann

This is why remote signing, extensions, possibly sub keys, etc all need to be a standard. This sort of problem at scale would be a disaster. #Nostr keys are precious and a major problem still remains that many clients or services still have a place to paste private keys to login or use the service.

Be extremely careful with this and if you aren’t sure if you are using keys client side only, then opt out until a better option is available.

Love CoinOS btw, this isn’t a dig and they’ve implemented most of the above options for this reason. Just really important to know the trade offs with things like this.

nevent1qqsfsg878u9luv2sxm6yahyjr4zpt745rdfpuu47wnn9t2dskgem52gpp4mhxue69uhkummn9ekx7mqwjqt9e
Avatar
Judge Hardcase 7mo ago

Most users probably shouldn't even be completely trusting signing extensions.

Try to practice reasonably good key hygiene (to develop a sort of muscle memory); but, until better standards become available, it's best to just assume your nsec has already been compromised, continue having fun experimenting with Nostr while being careful not to count on anything important to be kept secure, and just know that someday (hopefully not too far off) you'll likely be abandoning your current nsec(s) for new ones better secured by the new standards.

Reply to this note

Please Login to reply.

Discussion

No replies yet.