i've been working on a thing called "noshtr" which replaces SSH with nostr and i was part way through implementing a noise protocol tunnel for it that uses nostr native - sha256/secp256k1 for MAC and ECDH
as far as using the pc locally, the idea would be to have an enclave that isolates your nsec and then hook that into anything that needs a signer
i don't think it would be useful to go any deeper than that, just to make nostr keys a native auth tool
You could also make local/remote relays part of the filesystem, like Microsoft does with OneDrive/Sharepoint in Windows.
now you digging at something interesting
nostrfs
this one is very interesting because of how it overlaps with blossom protocol, i mean, if you just purely do the "fetch this event ID" functionality they are the same protocol
to make it a useful FS you need to have human readable filenames not just crazy SHA256 identifiers
🤔 Yeah, stuff like this.
I'm kinda getting lost in the details, but I feel like I've done my part for posterity by suggesting it. 😂
well, a signer is at the centre of it, and secondarily a secure TTY, after that you are designing a system namespace hierarchy to tie it all together, and each different part that uses the same signatures/auth has its own specific set of concerns, like a local cache relay, or p2p shared relay caches/blossom etc
i see no reason why it can't be made into a little suite and it should be simple to have this tooling run on any OS to augment it to enable you to do native nostr stuff and plug into things like web apps for signing and so on, LN wallet signer keychains, one keychain to rule them all!
I like that. Nostr Suite. Suitestr. 😂
And integrate git seamlessly, like Sharepoint does with Team Foundation.
And deliver it as a package with Nostr versions of desktop software.
Calculator, browser, document editor, IDE, etc.
LN wallets.
App store. And you install apps natively by double-clicking them. 🤷♀️
yes, and i think that building it on top of an SSH replacement is the unix way to do it also, single responsibility principle, and for security it means you can lock it down easier
https://github.com/mleku/noshtr this is the beginnings of it, i'd started with a different noise protocol framework but then found nyquist which is much nicer, but it's not finished yet, just putting it there so you can see it
I just tagged someone who might understand what you're saying. 😂
I will give a little pushback, aead encryption has been around for a little while now integrating these protocols. Often using the exact stack except Blake2/3. Just missing secp256k1 and to be fair, im not sure I'm risking it all on it anyway, we will never have hardware support for mfgs that focus on government nor operating systems on so on. Libraries are a whole lot more portable when you can rely on an operating system for crypto primitives. Monocypher has a great API for this.
yeah, i've been working with these things for a long time
i built a thing in 2023 that uses sha256 and secp256k1 schnorr signatures as the MAC
in my cruddy initial version it could crunch through 8Mb/s/thread which was more than enough for a typical modern CPU to do a fully packed gigabit channel
and the amount of irrational bullshit about secp256k1 yet here we are, 2024, bitcoin still no problem with signatures, schnorr variant rolling out steadily
idk what to say
i routinely use SIMD code for my SHA256 hashing and it's fast as hell, like, more than 4x faster than it was before
i've seen how fast the secp256k1 C library is, and that's not even going SIMD yet, and it totally could, and if i had 3 months to tool up i could build something like this myself (in assembler)
ironically, the math of koblitz curves is actually on par with edwards, but unlike edwards, it's not possible to craft backdoors into the group
i think that BIP340 style EC signatures and SIMD sha256 allows you to do a perfectly adequate, and single-stack of crypto tooling free of legacy bullshit, and that it is very appealing to bitcoiners and nostr users... you can even find some amounts of commentary on nostr out there about fiatjaf's decision to go with the musig2/taproot BIP-340
when it comes to actually working it on hardware, 256 bit pubkeys versus 257 really makes a big difference, it's an alignment problem, you are talking 4 long words versus 5 long words to process the same data
i think this chacha/blake stuff is cool and all but if it's sufficient and bulletproof secure with a single crypto stack then why pollute your code or your memory with this?
nostr:npub1qdjn8j4gwgmkj3k5un775nq6q3q7mguv5tvajstmkdsqdja2havq03fqm7
https://github.com/mleku/noshtr this is what i built so far, it's not finished yet but the idea was to have it do all the things of SSH but simplified, so it creates a TTY to a remote pc and drops you into the system configured shell, and gives you a key generator and keychain (probably would be easy to integrate vainstr into it, which lets you mine for vanity npubs)
Doesn't GNU already have a pluggable auth provider for SSH?
maybe GNU does but not OpenSSH... would be very cool if it was that easy cos it would take me a day to do it
(*ozzy man voiceover*) yeah, nah, mate, there isn't any such thing, gonna hafta build something custom, by crikey
Wow, good to know, I was thinking the same thing, yeah make a plugin.
so, yeah, just confirming what my research shows... you can make one for PAM, but not for SSH
so, anything you do with PAM is linux only
if you want to make it cross platform, ie windows and mac as well, you are gonna have to write a whole new ting like i've started on
