Thread

It’s past time for cold root identity

GitHub - GHOST-UntraceableDigitalDissident/cold-root-identity: Reference implementation of cold root keys, deterministic epoch keys, and lineage proofs for Nostr.

Reference implementation of cold root keys, deterministic epoch keys, and lineage proofs for Nostr. - GHOST-UntraceableDigitalDissident/cold-root-i...

lkraider 22 hours ago

↩ replying to GHOST

Interesting, but why deterministic epoch labels instead of time beacons? Seems like a foot gun in which one could store future keys in an app (maybe a greedy app) and get those stolen, or if an attacker gets ahold of your HSM as oracle they could pre-gen your future identities. And since the protocol always accepts the latest created_at identity, a far future one would also always override the current one. I understand there are tradeoffs, and I am not sure if liveness was a design goal, but seems to me a non-deterministic time beacon could offer benefits here, plus a clear time boundary rule too. Otherwise, I would suggest including these guardrails: 1) Explicitly recommend apps/users never pre-generate/store future epoch private keys; derive only the current epoch on the hot device; keep root strictly offline. 2) Add client-side created_at sanity checks.

Vitor Pamplona 🛡️ yesterday

No, thanks. I remember Anigma

tanel yesterday

all my homies are nsexuals

👻 yesterday

If I don't understand what the interface is doing, and that's most of the time, then I'd rather not lol

il_lost_ 🛡️ yesterday

where is nip-49? 🤔

Erik yesterday

🤣🤣🤣🤙

Simply Nostr 🛡️ yesterday

👏🏼👀🔥💯😳🤣🧡

crany 👽🧡🗿 🛡️ yesterday

be careful with your nsec. it is your sovereignty on #nostr 💜 🗡️ View quoted note →

AU9913 23 hours ago

This is a bad meme. It's like saying using one password for all apps is wise.

Liberty Farmer 🛡️ 18 hours ago

↩ replying to AU9913

Except the nsec has to be the same by design. A password of a different app is not related.

John Satsman 39 mins ago

↩ replying to AU9913

Great, don’t do it.

someone 23 hours ago

you are not practicing safe nsecs! :) if nostr is going to become eventually 'No Other Social Trust Required' we have to be mindful of where we paste it because WoT algos may depend on us.

Niel Liesmons 23 hours ago

Accurate.

Niel Liesmons 23 hours ago

↩ replying to Niel Liesmons

Except the app tends to never be random.

Jor 🛡️ 14 hours ago

😆😆😆 The best part of this meme is that I never know if I'm on left side or right View quoted note →

Stirling Forge 🛡️ 12 hours ago

At this point I'm afraid to paste it into my own app that I'm making TBH. Seen the follow lists get nuked way too many times lol

Pete Winn 🔆 🛡️ 12 hours ago

Ha ha 😝 I wrote my own bunker and still do this half the time

John Satsman 44 mins ago

Replies (19)