I hope not, nostr:npub14hlzw4sywt23drreaqs8ruf00dsrnnv5hfnyu49g2hpheq836umssur6nl and I have sent 7 trillion.. may as well post my nsec. πππ
Discussion
saaaaaaaame
so fucked if true lmao
Time to bring in the big guns π
nostr:npub12262qa4uhw7u8gdwlgmntqtv7aye8vdcmvszkqwgs0zchel6mz7s6cgrkj how faked are we?
nostr:npub180cvv07tjdrrgpa0j7j7tmnyl2yr6yr7l8j4s3evf6u64th6gkwsyjh6w6 any ideas on this?
You sent 7 trillion DMs to Lauren?? Wtf is going on over there??? π€π€π€π€π€π€
similaaaaaaar*
doesn't have the same ring to it innit
but yes, yes we hab, 21 trillion even
Hmmmmm do you ask her questions like this? 
Yezz. We sned cat pictures and smol animals and tard shit ππ»ππ»ππ»
You send each other cat pictures?? Hmmmmmm my interest has been peaked.. logging in on your nsec. πππππ. I wanna see some π±
*Piqued*
Hue wish πππ
I've been on nostr a year and a half and only today I begin seeing the deepest darkest corners of it
big if true tho
u said no hard claim still, just erring to paranoia right
ye i dont speak that language idk what to do w it just referring to your earlier message
Iβm assuming thatβs bad 
Buttholid πππ
just copy-pastaβd the whole thing into chatgpt, with this in front of it βexplain this as if i was astonishingly uneducated:β
πππ
Well what did it say?? π°
Sure, I'll explain it in simpler terms. Imagine we're talking about making changes to something important, like a lock on a door that many people use. We want to make sure the lock is strong and secure.
1. One of the ideas being discussed is about how this lock works. Right now, it might not be as secure as we'd like. There's a risk that if we keep using it as it is, it could be easier for someone with bad intentions to figure out how it works. We have a way to make it safer, but it involves some changes to the lock.
2. Another issue is about the way the lock is set up. Right now, the way it's set up could make it easier for someone to break in. We need to make sure the lock is set up in a way that's really hard for people to predict.
3. The lock also has some problems when it's used a lot. The more it's used, the less secure it becomes. If we use it a lot, like thousands of times, it could become very easy for someone to break it.
4. People have already found ways to break this kind of lock in the past, and not all locks are checked properly to make sure they're secure.
5. Finally, the way this lock was designed is based on some assumptions, but those assumptions might not be true in reality. This means the lock could be vulnerable to unknown attacks, making it less safe.
So, the question is, should we keep using this lock the way it is, even though it might not be very safe, or should we make some changes to try to make it more secure? That's what's being discussed.
Can hue blz explain dis in tard form? π
Your private key (nsec) is simply a random number. If someone guesses that random number, they have your private key.
The claim here is that every time you send a DM, it makes it easier to guess what that number is.
I gathered as much. Shit. Not great.
It doesnβt make sense though, the shared secret is used for encryption. If anything there could be a flaw that leaks the shared secret over time (of some mechanism which I donβt understand), but this shared secret is derived from ECDH. I see no way how the encryption part could leak anything about the original private keys unless something was seriously broken.
I think Paul said it was because we weren't hashing the shared point, so it reduces the entropy on the original key
ECDH shared secrets reduce entropy on the original key? Wouldnβt this break ECDH ? Couldnβt you create billions of keys to reduce entropy? How does hashing help in this case ? Not adding up for me.
I don't know anything, but here's what GPT has to say:
The raw shared secret generated from ECDH should not be used directly as a cryptographic key for a couple of reasons:
Predictability: The raw shared secret's value range can be somewhat predictable, especially the beginning and end parts of the secret. This predictability can reduce the entropy of the secret, making it a less secure choice for cryptographic operations.
Purpose Differentiation: Without some form of derivation or hashing, the same shared secret will always lead to the same key. This can be problematic if you need different keys for different purposes (e.g., encryption vs. authentication).
To mitigate these concerns, it's a common and recommended practice to use a key derivation function (KDF) after obtaining the ECDH shared secret. The KDF can use cryptographic hash functions, like SHA-256 or SHA-3, to derive a more uniform and unpredictable key from the shared secret.
guh
Specifically the shared secret, not the private keys. Even if this is true, its still extraordinary unlikely that you could guess the shared secret, and the damage would be limited to the convo between two people.
The claim that DMs will leak your private key is utterly false.
Does this mean the worst possible case is it only affects that particular conversation instance?
yes this is how I interpreted it, because the shared secret is the only secret involved during encryption. So when people say βdms will leak your private key!β I assumed they meant shared secret. If shared secret could leak private key that would be pretty bad and ECDH would be insecure.
This risk is further reduced if relays start putting DMs behind AUTH too, isnβt it?
That's better than I thought. The main vulnerability would then be encryption to self since that's done more frequently. But you could use ephemeral keys as a nonce to generate a bogus shared secret.
@DM Leaks Donβt assume because of false assumption rather validate or confirm especially in Age of endless Spam/Scam not only by Fiat paid trolls but also unpaid AI bots for example, there is no such thing a shared secrets including Top Secret where security 3 dimension is about Access rather shared intelligence even in quantum entanglement there is transparency not security like 4 dimension since the piece is part of whole no separation like law of One unlike divorce divided by secrecy cheat means more than one or lack of oneness (unity) by self custody metaphor not your coin not your keys like private key.
so the first and last couple of values of the shared secret string are exposed.. they don't get more exposed then that the more you chat, no? people will still have to try and guess the rest?
so is the danger perhaps that the more you dm, the more you expose yourself in a database for being a target for breach? or is it something deeper?
nostr:npub12262qa4uhw7u8gdwlgmntqtv7aye8vdcmvszkqwgs0zchel6mz7s6cgrkj maybe u noh? i try to do big brain here, need halp
Iβm assuming that DMs use asymmetric encryption.
Doesnβt that mean that if I send you a DM Iβm encrypting it with your public key so you can decrypt it with your private key and vice versa.
If usage were to help with guessing the nsec couldnβt someone just constantly use my pubkey to encrypt data until they could βguess the numberβ. The decryption of the data happens βoff networkβ.
Maybe Iβm misunderstanding how DMs work but thatβs what I originally thought.
Hey nostr:npub1gcxzte5zlkncx26j68ez60fzkvtkm9e0vrwdcvsjakxf9mu9qewqlfnj5z, does this vulnerability apply with other things that get encrypted, like the mute list every time you block someone in #Amethyst ?
GREAT question! ππ³π²
Yep. Every nip04-based encryption counts :(
wen switch to NIP-44?
It's going to be independently audited in November so hopefully shortly after
oh
goddanged i cant keep up
just now reading will and hodlbod discussion
Summary for hue -
Big brains infiltrated tard convo⦠they are saying things.. big things.. things that almost no human on earth can understand.
?cid=2154d3d7r760kiohqehw5830qwrekj7oiid4601kfakyd19h&ep=v1_gifs_search&rid=giphy.gif&ct=g
yea that claim is the important part
we need a more extended claim
in tard
or we just simply stop dm'ing, maybe best
By "deepest darkest parts of nostr" I'm not talking about security but nostr:npub14hlzw4sywt23drreaqs8ruf00dsrnnv5hfnyu49g2hpheq836umssur6nl and nostr:npub175hdheqn0arfdgywe9n2rze5eaf0j2mlz0xp5kq30vy57jqsncdqy2tpe9 with their cat pictures
?cid=2154d3d7zsgbbldp27plkxqwuu2azy9qiw6tqb8yr224tnzl&ep=v1_gifs_search&rid=giphy.gif&ct=g
π
what berrrrd pics buddha
πππ. Yes, I send Lauren super innocent, actual bird pics.
hmm i dont believe hue
π
You have no idea how bad I want to put the nostr mask on my dick and post it. ππππ
Noh
You have to admit it wouldβve been hilarious
i didnt noh bird wuz duck u freaks ππ¦
ππππ Tata innocent
Me and Tata innocent. Is why we dm cat and smol pics π₯Ή
Wtf is a smol pic???? πππ
So for example I sned her dis and say βsmol π°π₯Ήβ https://video.nostr.build/32bb5614cc924e5fb1d3b9aec7c506af011bf2fdc1874d2e6009685a77f534d2.mov
Ok, okβ¦ I feel bad now. Thatβs actually super innocent and cute. Carry on.. Iβll save the hardcore stuff for our actual texts. πππ
tiny pupu
π³π«£ I do not want to go der.
I like the rainbows & butterflyβs version of nostr βοΈβοΈβοΈ
gnβ’ then
Hahahahahahaha