Anonymous on Nostr: In 99% of the apps it will be a valid nsec when the decoded string is matched to ...
In 99% of the apps it will be a valid nsec when the decoded string is matched to begin with text "nsec". That is the confirmation you need to know that the decoding without salt went OK.
The vector of attack is to use a large dictionary of known user-typed passwords against an encrypted nsec without salt nor using the hex version.
Published at 2024-08-28 20:05:27

Event JSON
{
"id": "8e954db5c7da669b3d983d816dc8e4799188208f4c17d12879af7773f1bf6bba",
"pubkey": "0175aa092fd0a77fc4bb131b0386f08d0fe1a5f563195b5a64963c6c3a92a079",
"created_at": 1724875527,
"kind": 1,
"tags": [
[
"e",
"f0fcb9ff0c90f4ae91f797f84ed90d03cc578c65048f20aeb3d7e8f68b4a2c8f",
"wss://a.nos.lol",
"root"
],
[
"e",
"f98dd1359a0cd048c4599ffcc052a5e18adefacff859f4b9a02b8ef36c7430e1",
"wss://a.nos.lol",
"reply"
],
[
"p",
"48b50e45c1a049ab5ba0eab4381f0a3b6b21d09aaaa1aea6b1e2daf27ebdd7ab"
],
[
"p",
"0175aa092fd0a77fc4bb131b0386f08d0fe1a5f563195b5a64963c6c3a92a079"
],
[
"p",
"2b1de1346ff10976b8f3845aad615a9f9fbba9e57b6b81eb6aae0f9c9dd2081e"
]
],
"content": "In 99% of the apps it will be a valid nsec when the decoded string is matched to begin with text \"nsec\". That is the confirmation you need to know that the decoding without salt went OK.\n\nThe vector of attack is to use a large dictionary of known user-typed password against an encrypted nsec without salt nor using the hex version.",
"sig": "4438e691ee658b2a4cfeb970369fd08c9695baad432b5a99af9807524365afc921a5245a80c930f92d2b20ee33ab898f90bc560c4d9625261befef5a1b7bdc9e"
}