2024-05-31 17:05:17

nielliesmons on Nostr: Secure storage and transfer are the goal indeed. Encrypting the nsec locally should ...

Secure storage and transfer are the goal indeed.

Encrypting the nsec locally should be default and NIP-49 has great promise. Especially if it's easy to check whether a FOSS app implemented it and does ONLY that with your nsec. Very cool things you can do then.

Issues I ran into though:
1. How do you transfer the encrypted nsec to another device? Once it's out there, it's out there and your single password will be hacked in no time.
I thought of automatically sending their encrypted nsec to their phone number or email on sign-up with a sign-up link for other devices etc... But it quickly made me realize how dumb that was.
2. How do I onboard users to actual keys (nsec + npub), give them agency, make it fun and have it work for every language?
3. How do they secure their key beyond their device? 12 random English seed words on paper, really!?
4. NIP-05 + password is the worst of both Big Tech and Nostr. (it took me a while and actual tests to see why)
Normies do NOT understand it. It's not an email but looks like it. Why can't they use their own email? Sometimes it's hosted locally, sometimes it's in the cloud. It has a delay. It relies on domains being available. Etc...
Author Public Key
npub149p5act9a5qm9p47elp8w8h3wpwn2d7s2xecw2ygnrxqp4wgsklq9g722q