I have an idea, but I'm not fully aware what the risks are of sharing ncrypt1's in the open
https://www.smokingonabike.com/2025/01/04/passkey-marketing-is-lying-to-you/
Did anyone deeply study the benefits of Passkey? Are they real? If so, for cross-device auth, can we swap the "Big Tech Magic" with Nostr?
Discussion
> It is not recommended that users publish these encrypted private keys to nostr, as cracking a key may become easier when an attacker can amass many encrypted private keys.
https://github.com/nostr-protocol/nips/blob/master/49.md#recommendations
In addition to this, ncrypt password should still have at least 128 bits of entropy, which typically translates to a password of 17 characters or more using a diverse character set.
nostr:nprofile1qqswuyd9ml6qcxd92h6pleptfrcqucvvjy39vg4wx7mv9wm8kakyujgpypmhxue69uhkx6r0wf6hxtndd94k2erfd3nk2u3wvdhk6w35xs6z7qgwwaehxw309ahx7uewd3hkctcpypmhxue69uhkummnw3ezuetfde6kuer6wasku7nfvuh8xurpvdjj7a0nq40
This is a wild theoretical concern with no practical attack. Nobody knows if, with a horde of encrypted keys, you could somehow hack them better than if you were just trying to go after one.
If there is a good reason to put them online, that might easily overwhelm this kind of excessive safetyism.
They should be very secure. Not only because of the good and excessive crypto (xchacha20, good cryptographers are now saying 8 rounds was enough, 20 is crazy) but also from the intense key derivation (scrypt, maximally memory hard) and further because the plaintext is both SHORT and virtually RANDOM.
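Added example, not part of the thread or of any NIP-49 implementation: a small Python sketch of the two properties the discussion turns on, the per-guess cost of scrypt and the effect of per-key salts when many encrypted keys are collected. The parameters r=8, p=1, a 16-byte salt, a 32-byte key and NFKC password normalisation are assumptions about NIP-49 that the thread does not state; the passwords, salts and `log_n` values are constructed.

```python
import hashlib, math, os, time, unicodedata

def scrypt_memory_bytes(log_n: int, r: int = 8) -> int:
    # scrypt's working set is about 128 * N * r bytes per guess
    return 128 * (1 << log_n) * r

def derive_key(password: str, salt: bytes, log_n: int) -> bytes:
    # Assumed NIP-49 parameters: NFKC-normalised password, r=8, p=1, 32-byte key
    pw = unicodedata.normalize("NFKC", password).encode("utf-8")
    # OpenSSL refuses above 32 MiB by default, so allow twice the working set
    maxmem = min(2 * scrypt_memory_bytes(log_n) + (1 << 20), 2**31 - 1)
    return hashlib.scrypt(pw, salt=salt, n=1 << log_n, r=8, p=1,
                          maxmem=maxmem, dklen=32)

def distinct_keys(password: str, salts: list[bytes], log_n: int) -> int:
    # Each stored key has its own salt, so one password guess yields a different
    # symmetric key per target: work done on one ciphertext is not reusable
    return len({derive_key(password, s, log_n) for s in salts})

def min_length(bits: int, alphabet_size: int) -> int:
    # Characters needed for a uniformly random password to reach `bits` of entropy
    return math.ceil(bits / math.log2(alphabet_size))

def seconds_per_guess(log_n: int) -> float:
    # Wall-clock cost of a single key derivation on the local machine
    start = time.perf_counter()
    derive_key("constructed-sample-password", os.urandom(16), log_n)
    return time.perf_counter() - start

if __name__ == "__main__":
    salts = [os.urandom(16) for _ in range(3)]  # constructed salts
    print("distinct keys for one guess over 3 salts:",
          distinct_keys("guess", salts, 14))
    for log_n in (14, 16, 18):
        print(f"log_n={log_n}: {scrypt_memory_bytes(log_n) >> 20} MiB, "
              f"{seconds_per_guess(log_n):.2f} s per guess on this machine")
    print("random printable-ASCII chars for 128 bits:", min_length(128, 95))
```
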