Nostr Web Client

Reminder: NIP-04 DMs have a security flaw.

With significant use (DMs + private zaps + zap payment requests via wallet connect + private lists), an attacker with sufficient hash power can brute force your private key.

Please consider migrating to the new DM with GiftWraps as early as possible.

We also invite all white-hat cryptographers out there to try to break the new system. The sooner we can stress test the design, the better it gets.

ZEUS 2y ago

Can you provide more details?

Reply to this note

Please Login to reply.

Discussion

Vitor Pamplona 2y ago

I will defer to Paul: https://github.com/nostr-protocol/nips/pull/715#issuecomment-1675301250

Braydon Fuller 2y ago

It would be interesting to see the demonstration math and code.

Vitor Pamplona 2y ago

What I learned by watching cryptographers debate is that attack vectors can be sufficiently estimated with some good certainty, but proving their assessments is generally impossible.