Currently NSEC is acting as a one key to rule them all concept. People are plugging their one key into all kind of apps, some secure, many not. If any of those apps are compromised, your entire account and every thing you logged into is compromised.
This is akin to using one password on all your accounts. It's bad OPSEC.
What I mean is we need a way to create multiple keys based on that ONE key pair, similar to creating a unique password for every account. This way, if one Nostr based app is comoromised only that "baby" key is compromised and not the "master" key that it came from. An option to "freeze" these keys or delete would be even better.
ava
npub1f6…azcka
2024-07-24 15:02:52
in reply to nevent1q…hj59
Author Public Key
npub1f6ugxyxkknket3kkdgu4k0fu74vmshawermkj8d06sz6jts9t4kslazckaPublished at
2024-07-24 15:02:52Event JSON
{
"id": "e7ade75cc7a6620cc1b418515990de80b6f83e8eba0af25922e94dfe2d589719",
"pubkey": "4eb88310d6b4ed95c6d66a395b3d3cf559b85faec8f7691dafd405a92e055d6d",
"created_at": 1721826172,
"kind": 1,
"tags": [
[
"e",
"361761dd466132746e8e1ffb26b0de68b69f411057b756e335f0b43d71a72111",
"",
"root"
],
[
"e",
"2d5cb97f7cc218594c9aa4ac3fbf10a3ad3a6ad5820f04f3e9353f7e64da1817"
],
[
"e",
"9ab8ef71dbd6a3a98e25c30cbeb6be86c9ff48825fa2b73b94ed792bc74bb7c7",
"",
"reply"
],
[
"p",
"460c25e682fda7832b52d1f22d3d22b3176d972f60dcdc3212ed8c92ef85065c"
],
[
"p",
"4eb88310d6b4ed95c6d66a395b3d3cf559b85faec8f7691dafd405a92e055d6d"
],
[
"p",
"f26626a94189b945a0f0146b16c4f8a6ced31b359848433fb6306f8d6eec3661"
],
[
"monero",
"85QFoZsSAsUGtod4oW3FDcSAVeoyZmhQwBR2dFTCEWcmZv1CPsY92YZhF6Rwd29DaZiYVuw39DDg5LmrRxeRPLqvPbeRYjh",
"1.0"
]
],
"content": "Currently NSEC is acting as a one key to rule them all concept. People are plugging their one key into all kind of apps, some secure, many not. If any of those apps are compromised, your entire account and every thing you logged into is compromised.\n\nThis is akin to using one password on all your accounts. It's bad OPSEC.\n\nWhat I mean is we need a way to create multiple keys based on that ONE key pair, similar to creating a unique password for every account. This way, if one Nostr based app is comoromised only that \"baby\" key is compromised and not the \"master\" key that it came from. An option to \"freeze\" these keys or delete would be even better.",
"sig": "53fe1296bb1983013eb0b7cb5e012ab1d5539c5d2480d2081f9fdb65f048b7817ac04cf98e0b03d95597adf832d05f8557000f325c2a736cbc24f3296ce0ab74"
}