Vitor Pamplona on Nostr: An interesting revelation I had when talking to fishcake about nostr.build's new OTP ...
An interesting revelation I had when talking to fishcake (nprofile…f372) about nostr.build's new OTP using NIP-17 Giftwrapped DMs:
The OTP code is sent to the user only. The sender/server doesn't store a copy of the code. That is impossible to do on NIP-04.
If you send OTP via NIP-04, whoever has accept to the sender's key can decrypt and see all the codes. If you use NIP-17 DMs, the code is sent to the user and deleted from everything else.
The OTP code is sent to the user only. The sender/server doesn't store a copy of the code. That is impossible to do on NIP-04.
If you send OTP via NIP-04, whoever has accept to the sender's key can decrypt and see all the codes. If you use NIP-17 DMs, the code is sent to the user and deleted from everything else.