ManiMe on Nostr: Careful with that ncryptsec “login” … nsec encryption is only as strong as WHO ...
Careful with that ncryptsec “login” … nsec encryption is only as strong as WHO YOU GIVE YOUR PASSWORD TO.
As it is … there isn’t a client side library for decrypting without revealing your NSEC to the client.
Indeed, many clients supporting ncryptsec “login”, only need your password once … cause they store your decrypted NSEC on the device.
So there’s that…
Published at
2024-09-28 18:07:06Event JSON
{
"id": "d7ce51e1a15357f7202225da676b26639bcb43dddb19dffbb29691dbaa3323d7",
"pubkey": "df67f9a7e41125745cbe7acfbdcd03691780c643df7bad70f5d2108f2d4fc200",
"created_at": 1727546826,
"kind": 1,
"tags": [
[
"e",
"c3654c66320f94112f7cd41d305a47d3d9e0c0208afa8fc7cdddd4bcc6fde2f7",
"",
"root"
],
[
"p",
"623ed218de81311783656783d6ce690b521a89c4dc09f28962e5bfd4fa549249"
],
[
"p",
"6e468422dfb74a5738702a8823b9b28168abab8655faacb6853cd0ee15deee93"
],
[
"client",
"Nostur",
"31990:9be0be0fc079548233231614e4e1efc9f28b0db398011efeecf05fe570e5dd33:1685868693432"
]
],
"content": "Careful with that ncryptsec “login” … nsec encryption is only as strong as WHO YOU GIVE YOUR PASSWORD TO. \n\nAs it is … there isn’t a client side library for decrypting without revealing your NSEC to the client. \n\nIndeed, many clients supporting ncryptsec “login”, only need your password once … cause they store your decrypted NSEC on the device. \n\nSo there’s that…",
"sig": "ab4a01a997594334a0aecc7b299bc7444d18e9931599c2165ac6eceb08b3531a12d38028ccbd97e2143561c9fc4cc3069c0e2573d5e7ac5d4e50d49c36c2df48"
}