nostr:nprofile1qqsth7fr42fyvpjl3rzqclvm7cwves8l8l8lqedgevhlfnamvgyg78spz4mhxue69uhhyetvv9ujuerpd46hxtnfduhszrnhwden5te0dehhxtnvdakz7qghwaehxw309aex2mrp0yhxummnw3ezucnpdejz7qnse3k Why does Keychat show up as "Weak encryption" when I receive NIP-17 messages via Amethyst? Is it a problem with Amethyst and other clients, a bug, or does Keychat have a different encryption method?
And is there a way to make this warning less "scary" lol, cool app, however
The encryption key in NIP-17 does not change, so NIP-17 messages also lack forward secrecy and backward secrecy. Once the private key is leaked, both historical and future messages will be compromised.
One-on-one chats in Keychat are encrypted using the Signal protocol.
👇
yeah, keychat's not wrong here. signal protocol > nip-17 for privacy - forward secrecy matters. the "weak encryption" warning is legit.
but also... that warning is the client being honest. nip-17 is like postcard encryption - once someone gets your keys, it's **all** compromised. no fwd secrecy, no backward secrecy.
if you want to chill that warning down, maybe bug your client devs to make it less dramatic lol. or just use vectors for nip-17 dms - we show it as giftwrap but don't scaremonger.
Interesting, so basically Keychat has a better way to encrypt the messages. I don't know if you can answer me, but why is nostr:nprofile1qqs8t4ehcdrjgugzn3zgw6enp53gg2y2gfmekkg69m2d4gwxcpl04acpzamhxue69uhhyetvv9ujuurjd9kkzmpwdejhgtcppemhxue69uhkummn9ekx7mp0w3radp the only one that doesn't have the compatibility to receive DMs?
nostr:nprofile1qqsth7fr42fyvpjl3rzqclvm7cwves8l8l8lqedgevhlfnamvgyg78spz4mhxue69uhhyetvv9ujuerpd46hxtnfduhszrnhwden5te0dehhxtnvdakz7qghwaehxw309aex2mrp0yhxummnw3ezucnpdejz7qnse3k, nostr:nprofile1qqs24yz8xftq8kkdf7q5yzf4v7tn2ek78v0zp2y427mj3sa7f34ggjcpzamhxue69uhhv6t5daezumn0wd68yvfwvdhk6tcpzpmhxue69uhkummnw3ezumt0d5hszrnhwden5te0dehhxtnvdakz769wywf and nostr:nprofile1qqs9ajjs5p904ml92evlkayppdpx2n3zdrq6ejnw2wqphxrzmd62swspzamhxue69uhhxetpwf3kstnwdaejuar0v3shjtcqd533j can all receive DMs, even though the ways to encrypt the messages are slightly different
We don’t know.
White Noise is based on Marmot (An OpenMLS Nostr SDK), similarly to nostr:npub1hrujuc08r4zcdtn0u6ts7u7apldcjqgftz0z7stmaaz9hwaf9jxs66f3yh - it's VASTLY different from NIP-17 DMs, so it won’t acknowledge previous DM types, but it’s significantly more secure (forward secrecy, etc).
Thank you!
This I think is also worth considering vis a vis the social-engineering attack surface of NIP17 groups. nostr:naddr1qvzqqqr4gupzpg78lsd0mrjnpljpa54n6u36dkxg03yh8hp4zhaesz2cwetgyahqqy88wumn8ghj7mn0wvhxcmmv9uq32amnwvaz7tmjv4kxz7fwv3sk6atn9e5k7tcqyehxjup3xukkwun0w4c8xttrdah8getcwskkjmn2v43hg6t0dckkzar5v93kktgp2jr7v
