hes on Nostr: Serious question from a non-cryptographer pleb and important discussion for the ...
Serious question from a non-cryptographer pleb and important discussion for the future of Nostr.
1. Private keys derive public keys; but is it possible to derive a new private key associated with the old public one? (And burn the old nsec)
—— In the regular world, I often change my passwords frequently for opsec. How does one protect their npub on Nostr? (Saying “be smart with your private key” simply won’t cut it if we want mass adoption)
—— is there a technical solution that would allow users to change up their nsec every so often to prevent compromise?
2. I’ve seen a few accounts here get compromised. What solutions do we have if this happens?
—— the only thing I can think of is having a second “ICE” npub posted on your bio that will only post in the event the main npub gets compromised. Not a perfect solution but could at least provide some assurance that the main account was hacked. (Granted most followers would never see it, but at least would provide some backup incase of anything nefarious being posted “as you”)
Obviously being smart with keys and using solutions like nsecbunker/extensions/signing devices is important, but they don’t address what happens should your main account be compromised. Anyone thinking about these things? #asknostr
Cc: fiatjaf (npub180c…h6w6) jb55 (npub1xts…kk5s) miljan (npub16c0…6nvr) hodlbod (npub1jlr…ynqn) Stuart Bowman (npub1lun…27lj) fishcake (npub137c…k37w) MartyBent (npub1guh…6hjy) ODELL (npub1qny…95gx) calle 👁️⚡👁️ (npub12rv…85vg)
1. Private keys derive public keys; but is it possible to derive a new private key associated with the old public one? (And burn the old nsec)
—— In the regular world, I often change my passwords frequently for opsec. How does one protect their npub on Nostr? (Saying “be smart with your private key” simply won’t cut it if we want mass adoption)
—— is there a technical solution that would allow users to change up their nsec every so often to prevent compromise?
2. I’ve seen a few accounts here get compromised. What solutions do we have if this happens?
—— the only thing I can think of is having a second “ICE” npub posted on your bio that will only post in the event the main npub gets compromised. Not a perfect solution but could at least provide some assurance that the main account was hacked. (Granted most followers would never see it, but at least would provide some backup incase of anything nefarious being posted “as you”)
Obviously being smart with keys and using solutions like nsecbunker/extensions/signing devices is important, but they don’t address what happens should your main account be compromised. Anyone thinking about these things? #asknostr
Cc: fiatjaf (npub180c…h6w6) jb55 (npub1xts…kk5s) miljan (npub16c0…6nvr) hodlbod (npub1jlr…ynqn) Stuart Bowman (npub1lun…27lj) fishcake (npub137c…k37w) MartyBent (npub1guh…6hjy) ODELL (npub1qny…95gx) calle 👁️⚡👁️ (npub12rv…85vg)