What is Nostr?
Javier / 🇵🇦 Javier
npub12s5…3h8t
2025-02-10 14:35:38


#nostr devs and evangelists need to remember ONE thing.

As much work as a normie like me or others will do to protect our keys, we live in a compromised network by default right now. From Internet service providers to DNS, to emails, etc., vulnerabilities, spyware, and malware exist at every level.

The chances of clients, extensions, phones, keyboard tracking, networks, etc., being surveilled are extremely high.

In short, key rotation or some other safeguard in the future should be on the radar. Not even giving it a thought is naïve. It assumes we can truly keep our keys uncompromised. We can try, but eventually, if a state-funded surveillance machine comes after you, it's very likely you and I will fail. Unless everything is kept completely offline, and even then, at some point, you still need to input your key somewhere.

I’m fine with this risk for now, but we have to assume that, for 99% of users, keys can be compromised despite their best efforts. And once that happens, someone else can sign your events.

I don’t know the solution, but maybe when creating your Nostr identity, you could have two or three nsec keys.

1) One nsec key is your normal one.
2) If you get compromised (not if you lose it), you would need to input your second nsec key + first nsec key.

Something like that. This wouldn’t prevent poor key management, but it would help mitigate stolen keys, as the chances of a thief having the second or third key are much lower.
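The two-key idea above, carried through as an added example that is not the author's code and not any Nostr NIP: at identity creation the normal key publishes a commitment to a hash of the recovery pubkey; to rotate after a compromise, the normal key publishes a rotation event that the recovery key must co-sign. A thief holding only the normal key cannot produce a valid rotation. The event kinds (31000/31001), tag names and the hash-commitment design are hypothetical; the event id serialization follows NIP-01 and signatures are BIP-340 Schnorr over secp256k1 as Nostr uses, implemented here in pure Python so it runs offline (not constant-time, illustration only).

```python
# Added example: two-key rotation check in the spirit of the post above.
# Not from the post or any NIP; kinds, tag names and commitment scheme are hypothetical.
import hashlib
import json
import secrets

P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
KIND_KEY_COMMIT = 31000   # hypothetical kinds, not defined by any NIP
KIND_KEY_ROTATE = 31001

def _add(a, b):  # affine point addition on secp256k1 (None = point at infinity)
    if a is None: return b
    if b is None: return a
    (x1, y1), (x2, y2) = a, b
    if x1 == x2 and y1 != y2: return None
    lam = (3 * x1 * x1 * pow(2 * y1, P - 2, P) if a == b
           else (y2 - y1) * pow(x2 - x1, P - 2, P)) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def _mul(k, pt):  # double-and-add scalar multiplication
    acc = None
    while k:
        if k & 1: acc = _add(acc, pt)
        pt, k = _add(pt, pt), k >> 1
    return acc

def _th(tag, data):  # BIP-340 tagged hash
    t = hashlib.sha256(tag.encode()).digest()
    return hashlib.sha256(t + t + data).digest()

def _lift_x(x):  # x-only pubkey -> point with even y
    if x >= P: return None
    y = pow(x * x * x + 7, (P + 1) // 4, P)
    if y * y % P != (x * x * x + 7) % P: return None
    return (x, y if y % 2 == 0 else P - y)

def pubkey(sk):  # hex x-only public key, as in a Nostr event's "pubkey" field
    return _mul(sk, G)[0].to_bytes(32, "big").hex()

def sign(sk, msg, aux=None):  # BIP-340 signing, returns hex signature
    pt = _mul(sk, G)
    d = sk if pt[1] % 2 == 0 else N - sk
    aux = aux if aux is not None else secrets.token_bytes(32)
    t = (d ^ int.from_bytes(_th("BIP0340/aux", aux), "big")).to_bytes(32, "big")
    px = pt[0].to_bytes(32, "big")
    k0 = int.from_bytes(_th("BIP0340/nonce", t + px + msg), "big") % N
    r = _mul(k0, G)
    k = k0 if r[1] % 2 == 0 else N - k0
    rx = r[0].to_bytes(32, "big")
    e = int.from_bytes(_th("BIP0340/challenge", rx + px + msg), "big") % N
    return (rx + ((k + e * d) % N).to_bytes(32, "big")).hex()

def verify(pk_hex, msg, sig_hex):  # BIP-340 verification
    pk, sig = bytes.fromhex(pk_hex), bytes.fromhex(sig_hex)
    pt = _lift_x(int.from_bytes(pk, "big"))
    r, s = int.from_bytes(sig[:32], "big"), int.from_bytes(sig[32:], "big")
    if pt is None or r >= P or s >= N: return False
    e = int.from_bytes(_th("BIP0340/challenge", sig[:32] + pk + msg), "big") % N
    R = _add(_mul(s, G), _mul(N - e, pt))
    return R is not None and R[1] % 2 == 0 and R[0] == r

def event_id(pk_hex, created_at, kind, tags, content):  # NIP-01 id serialization
    ser = json.dumps([0, pk_hex, created_at, kind, tags, content],
                     separators=(",", ":"), ensure_ascii=False)
    return hashlib.sha256(ser.encode()).hexdigest()

def make_event(sk, created_at, kind, tags, content):
    pk = pubkey(sk)
    eid = event_id(pk, created_at, kind, tags, content)
    return {"id": eid, "pubkey": pk, "created_at": created_at, "kind": kind,
            "tags": tags, "content": content, "sig": sign(sk, bytes.fromhex(eid))}

def _rotation_msg(old_pk, new_pk, created_at):  # what the recovery key co-signs
    return hashlib.sha256(f"rotate:{old_pk}:{new_pk}:{created_at}".encode()).digest()

def commit_event(sk_main, sk_recovery, created_at):
    """Identity creation: the normal key commits to sha256(recovery pubkey), so the
    recovery key itself is never published until it is actually needed."""
    digest = hashlib.sha256(bytes.fromhex(pubkey(sk_recovery))).hexdigest()
    return make_event(sk_main, created_at, KIND_KEY_COMMIT, [["recovery-hash", digest]], "")

def rotate_event(sk_main, sk_recovery, new_pk_hex, created_at):
    """Rotation needs both keys: recovery key co-signs, normal key signs the event."""
    old_pk = pubkey(sk_main)
    rec_sig = sign(sk_recovery, _rotation_msg(old_pk, new_pk_hex, created_at))
    tags = [["new-pubkey", new_pk_hex], ["recovery-pubkey", pubkey(sk_recovery)],
            ["recovery-sig", rec_sig]]
    return make_event(sk_main, created_at, KIND_KEY_ROTATE, tags, "")

def verify_rotation(commit, rot):
    """Client-side check: valid ids/sigs, same normal key, commitment precedes the
    rotation, recovery pubkey matches the commitment, recovery co-signature valid."""
    for ev in (commit, rot):
        if ev["id"] != event_id(ev["pubkey"], ev["created_at"], ev["kind"], ev["tags"], ev["content"]):
            return False
        if not verify(ev["pubkey"], bytes.fromhex(ev["id"]), ev["sig"]):
            return False
    if commit["kind"] != KIND_KEY_COMMIT or rot["kind"] != KIND_KEY_ROTATE: return False
    if commit["pubkey"] != rot["pubkey"] or commit["created_at"] >= rot["created_at"]: return False
    try:
        c = {t[0]: t[1] for t in commit["tags"]}
        r = {t[0]: t[1] for t in rot["tags"]}
        if hashlib.sha256(bytes.fromhex(r["recovery-pubkey"])).hexdigest() != c["recovery-hash"]:
            return False
        return verify(r["recovery-pubkey"],
                      _rotation_msg(rot["pubkey"], r["new-pubkey"], rot["created_at"]),
                      r["recovery-sig"])
    except (KeyError, IndexError, ValueError):
        return False

def demo():
    """Constructed scenario: honest rotation verifies, a thief with only the normal key fails."""
    rnd = lambda: int.from_bytes(secrets.token_bytes(32), "big") % N or 1
    sk_main, sk_rec, sk_new, sk_thief = rnd(), rnd(), rnd(), rnd()
    commit = commit_event(sk_main, sk_rec, 1700000000)
    honest = rotate_event(sk_main, sk_rec, pubkey(sk_new), 1700000600)
    forged = rotate_event(sk_main, sk_thief, pubkey(sk_thief), 1700000600)  # thief's own "recovery" key
    return verify_rotation(commit, honest), verify_rotation(commit, forged)

if __name__ == "__main__":
    print(demo())  # (True, False)
```

The caveat a client implementing this would have to handle: a thief who holds the normal key can also publish their own commitment event, so `verify_rotation` only helps if clients pin the earliest commitment they saw for a pubkey and refuse later ones, which in turn depends on the commitment having been published before the compromise and on relays serving it consistently.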

My presentation about Nostr on #FOSDEM 2025.
Author Public Key
npub12s5xhx8x74c23j6endq0gcwmhjpdv2a7hhkgafkrfgnq700tcyqqjs3h8t