Tim Bouma on Nostr: You spoke and I listened. Everyone loves the idea of a NFC card for #nostr #safebox ...
You spoke and I listened.
Everyone loves the idea of a NFC card for #nostr #safebox but many were concerned about the security.
So I added a PIN that the holder would memorize or write down separately from the card. If the card is stolen, without the PIN, it completely useless. If the holder re-issues a new card, then the stolen card is completely dead.
All of functions the use the card can optionally request a PIN and send it along to the vault. If the PIN does not validate, then nothing. This is over and above all of the other security measures. In my opinion this is just as strong as those card and payment terminals out there - even better because all of logic and code exists on the server. And if the vault doesn't trust the server, then nothing happens
Published at
2025-07-18 19:28:33 GMTEvent JSON
{
"id": "7a1e99b20aeab3f7ab0afd70f8f78d76b1aeb43296446557d91c3774d387ef7b",
"pubkey": "06b7819d7f1c7f5472118266ed7bca8785dceae09e36ea3a4af665c6d1d8327c",
"created_at": 1752866913,
"kind": 1,
"tags": [
[
"t",
"nostr"
],
[
"t",
"safebox"
],
[
"r",
"https://image.nostr.build/f1e513320208fd670c792e16276d512ee19330a32ac969a3f4d6ee4e5c4053e4.jpg"
],
[
"imeta",
"url https://image.nostr.build/f1e513320208fd670c792e16276d512ee19330a32ac969a3f4d6ee4e5c4053e4.jpg",
"x bc59673c13a8fc3e6578761a917306cfee61f78f724d0efba8a702ce0bf71425",
"size 116401",
"m image/jpeg",
"dim 1076x1344",
"blurhash _KHoI6t7D%ayIUj[IUxuayayj[ayj[ay00WBt7fQxuj[xuIUfQj[j[fQayof~qfQWBj[WBfQWBofj[WBayWBj[j[-;j[ayfQWBayay%Mayayj[j[fQWB4nayofj[ofayof",
"ox bc59673c13a8fc3e6578761a917306cfee61f78f724d0efba8a702ce0bf71425",
"alt "
]
],
"content": "You spoke and I listened. \n\nEveryone loves the idea of a NFC card for #nostr #safebox but many were concerned about the security. \n\nSo I added a PIN that the holder would memorize or write down separately from the card. If the card is stolen, without the PIN, it completely useless. If the holder re-issues a new card, then the stolen card is completely dead.\n\nAll of functions the use the card can optionally request a PIN and send it along to the vault. If the PIN does not validate, then nothing. This is over and above all of the other security measures. In my opinion this is just as strong as those card and payment terminals out there - even better because all of logic and code exists on the server. And if the vault doesn't trust the server, then nothing happens\n\n\nhttps://image.nostr.build/f1e513320208fd670c792e16276d512ee19330a32ac969a3f4d6ee4e5c4053e4.jpg",
"sig": "b1ea596867873fbeac15a72b4dcae4c396c99f10508b56969763c9f63c69fab7b8abbc3fc0bd43f590180c44d71d1af0c58488c389d78318eeeb447804ed894a"
}