Replying to Avatar daniele

> It is not recommended that users publish these encrypted private keys to nostr, as cracking a key may become easier when an attacker can amass many encrypted private keys.

https://github.com/nostr-protocol/nips/blob/master/49.md#recommendations

In addition to this, ncrypt password should still have at least 128 bits of entropy, which typically translates to a password of 17 characters or more using a diverse character set.

nostr:nprofile1qqswuyd9ml6qcxd92h6pleptfrcqucvvjy39vg4wx7mv9wm8kakyujgpypmhxue69uhkx6r0wf6hxtndd94k2erfd3nk2u3wvdhk6w35xs6z7qgwwaehxw309ahx7uewd3hkctcpypmhxue69uhkummnw3ezuetfde6kuer6wasku7nfvuh8xurpvdjj7a0nq40

Avatar
Mike Dilger ☑️ 4mo ago

This is a wild theoretical concern with no practical attack. Nobody knows if, with a horde of encrypted keys, you could somehow hack them better than if you were just trying to go after one.

If there is a good reason to put them online, that might easily overwhelm this kind of excessive safetyism.

They should be very secure. Not only because of the good and excessive crypto (xchacha20, good cryptographers are now saying 8 rounds was enough, 20 is crazy) but also from the intense key derivation (scrypt, maximally memory hard) and further because the plaintext is both SHORT and virtually RANDOM.

Reply to this note

Please Login to reply.

Discussion

No replies yet.