SimplifiedPrivacy.com on Nostr: If you're looking for a fancy academic whitepaper, here is one example: An Analysis ...
If you're looking for a fancy academic whitepaper, here is one example:
An Analysis of the ProtonMail
Cryptographic Architecture
Nadim Kobeissi
September 6, 2021
https://eprint.iacr.org/2018/1121.pdfand the part me & you are talking about is:
Pg 7 of 14.
Section 4.1.1
If you're looking for me to say it to you in raw shit, here it is:
When you use Nostr you have the private key on your device, browser extension or client.
When you use Protonmail, their web app is unlocking/signing/or generating for you the private key stored via encryption on their server. So there are many ways they can screw with you. Including SOME:
a) serving you bogus code to phish the password
b) telling you the other proton guy's public PGP key is something else
c) brute forcing you, they have unlimited attempts with no time lock. And your password is weaker than a PGP Key.
d) messing with you during registration to begin with
Published at
2024-06-16 03:04:44Event JSON
{
"id": "ce48b0039d8030f3696407b3ff43f5e1060efe54d612936c3956355c0f87cca0",
"pubkey": "ac3f6afe17593f61810513dac9a1e544e87b9ce91b27d37b88ec58fbaa9014aa",
"created_at": 1718507084,
"kind": 1,
"tags": [
[
"p",
"0c3d79f69083fdbdf2a8c884bc9f77bb8c03fef9b3f394cac6973a7b6fbed00c"
],
[
"e",
"9c77ce5cb02eb93b16091241a9551df8d264a4485d7e78469147a9702e90fb0a",
"wss://relay.nostr.bg/",
"root"
],
[
"e",
"2196600e5962c7e62b8a36b04a33f39a155ebdeb82143f04b04d092da53b523f",
"wss://nos.lol/",
"reply"
]
],
"content": "If you're looking for a fancy academic whitepaper, here is one example:\n\nAn Analysis of the ProtonMail\nCryptographic Architecture\nNadim Kobeissi\nSeptember 6, 2021\nhttps://eprint.iacr.org/2018/1121.pdf\n\nand the part me \u0026 you are talking about is:\nPg 7 of 14.\nSection 4.1.1\n\nIf you're looking for me to say it to you in raw shit, here it is:\n\nWhen you use Nostr you have the private key on your device, browser extension or client.\n\nWhen you use Protonmail, their web app is unlocking/signing/or generating for you the private key stored via encryption on their server. So there are many ways they can screw with you. Including SOME:\n\na) serving you bogus code to phish the password\nb) telling you the other proton guy's public PGP key is something else\nc) brute forcing you, they have unlimited attempts with no time lock. And your password is weaker than a PGP Key.\nd) messing with you during registration to begin with",
"sig": "805e68051e5b9cfdbdf96c565e91bd43d8e4484482ec68416142ea349fa11657be3fbfbdf5f82ff6fee2ef135e73472c414da637a3c512be9999afa274fcdcb8"
}