Pedro Ataíde on Nostr: I didn't know about the nos2x and nos2x-fox plugins. The idea is good, no doubt. ...
I didn't know about the nos2x and nos2x-fox plugins. The idea is good, no doubt. Nevertheless, I have the following reservations about this type of plugin:
a) These are web browser plugins, and we well know that web browsers are not held up as an example of security. I think there could be a risk that someone could exploit a vulnerability in the web browser (e.g. Firefox) and get their hands on the private key;
b) The private key is always available, decrypted, in the plugin... In other words, the private key is never sent to the web server, but in order for the plugin to use it, it keeps it decrypted... This could also represent a possible point of attack. But I think that the developers themselves are already working on a scheme that requires the user to use a password every time they want to publish an event, in order to decrypt Nostr's private key.