Today I learned that if you do many signatures with the same private key then it's very possible for an attacker to uncover it using these signatures and your public key: https://cdn.satellite.earth/f2daa984ce219112102ec783574df3ea612d51031e653479c903e95cfb3c70d7.mp3
Discussion
…wait, what?!
I think he is being sarcastic. There is no easy way to do this as far as I know
No shit? How possible? How many signatures does it take to make this trivial?
It's not possible. End of the discussion even admits it.
In the source nostr:npub1yxp7j36cfqws7yj0hkfu2mx25308u4zua6ud22zglxp98ayhh96s8c399s says he doesn't really know, ask a cryptographer.
Also I have heard this before, so I really don't know. AI says it is not possible.
What AI says should not matter under any circumstance whatsoever in any discussion which isn't specifically about what AI systems would say.
I agree. I used that Venice.AI tool and asked what the largest word from BIP39 was and it told me it was "abandon" and then after some prompting it told me the largest was a 10 letter word that doesn't exist in the list.
Maybe it's just that one, but I am thoroughly unimpressed.
It may have been the same AI that told me that someone with access to the same dice could replicate entropy so dice rolls are not safe for generating private keys. If an AI has become sentient and is acting maliciously, this is it.
You shouldn't use systems of this sort to ask questions and then believe the answer. You shouldn't believe any answer by anyone, let alone an AI system, unless it's a reputable source or the answer contains a good argument or you can verify it.
AI language models are useful for exactly that: modelling language. For example, they can change the style of writing of a paragraph. Even in that case you should verify the output every time, and it will be wrong many times, but it can still be useful with a decent success rate.
Source: https://www.youtube.com/watch?v=zVAGsv8bJX0 from nostr:npub12qz56plzehejkyp4waaannmnny4y4c30j8q55a3wlk49haslga2snypdx8
(Wouldn't it be great if we could reference podcasts natively inside Nostr instead of using YouTube links? But unfortunately that is not in the realm of possibilities for the current world: https://github.com/nostr-protocol/nips/pull/1093)
Agreed!
Was just this morning thinking how important it is for content creators to post their stuff on Rumble as well, even though it’s centralized, at least it has more chance against censorship than YouTube.
Could bitcoin.tv be a solution, how censorship-resistant is it? nostr:npub13hr9phkuxl34qm2js5cfk4xvykh58ldkh2pte79t7wnn3dauewds5cjt6m?
you can create clips with nostr:npub14pfjj6jf8y702pdjar2q36ve5r4t2gu2lp4yma00j49jkgy7d90swg7mwj
Yup it’s under CASCDRVision on that link
We have this capability with CASCDRVision at https://cascdr.xyz/?tab=yitter. The front end and the back end are decoupled and the API can be consumed however you like. If you’d like to collaborate or get more info, DM me; I’m happy to help.
The json point is weird. Most apps use json/graphql. This isn’t even the slowest thing. Signature validation is. Bandwidth wise, json isn’t that much smaller than binary. After we switched to a threadpool for note sig validation, it’s not even that much of an issue anymore nostr:npub1yxp7j36cfqws7yj0hkfu2mx25308u4zua6ud22zglxp98ayhh96s8c399s
json isn’t much bigger*
If this is so obvious then why are we ok with such lack of security here on nostr? I'm not a dev but I would think that those who are (brilliant as they are) would work this out. Is it just too hard to do at this point in the development?
😂 thanks for this, helps verify the fact that Shinobi *doesn’t* always know what he’s talking about even tho he always uses that commanding know-it-all tone of voice 😂
No you can’t. Shinobi just doing what he does best. There are too many “analysts” in the space who have done zero proof of work and produced no products
I haven't watched/listened to the video but curious if there is discussion regarding nonces or key extraction
So the more you post on Nostr, the unsafer it becomes?
We need a NIP for key rotation it seems. And one that’s widely adopted too!
it's a joke, signing a message does not reveal your private key
IIRC that was discussed on this PR https://github.com/nostr-protocol/nips/pull/715
🤔🧐😳
OK, you had me going there for a moment...
April fools, eh?
Asymmetric encryption is foundational to both bitcoin AND nostr!
Bitcoin rotates keys.
So, how real/serious is the re-use risk in the context of nostr?
Should nostr be improved to use something like bitcoin's BIP-32 protocol to give each user deterministic keypair chains?🤔
That's one of the first improvements I've wanted to see on nostr, but I have no idea if the re-use risk is going to matter. Keychains would also help with the risk of entering keys into all the different apps and devices people use.
Could you animate the moment where Shinobi was wrong?
