
Thread

Replies (18)
This is exactly how we all started.
It's past time for cold root identity

GitHub
GitHub - GHOST-UntraceableDigitalDissident/cold-root-identity: Reference implementation of cold root keys, deterministic epoch keys, and lineage proofs for Nostr.
Interesting, but why deterministic epoch labels instead of time beacons? Seems like a foot gun in which one could store future keys in an app (maybe a greedy app) and get those stolen, or if an attacker gets ahold of your HSM as oracle they could pre-gen your future identities. And since the protocol always accepts the latest created_at identity, a far future one would also always override the current one. I understand there are tradeoffs, and I am not sure if liveness was a design goal, but seems to me a non-deterministic time beacon could offer benefits here, plus a clear time boundary rule too.
Otherwise, I would suggest including these guardrails:
1) Explicitly recommend apps/users never pre-generate/store future epoch private keys; derive only the current epoch on the hot device; keep root strictly offline.
2) Add client-side created_at sanity checks.
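The created_at sanity check suggested in the reply above, as an added example that is not part of the thread or of the cold-root-identity repository. The event shape, the `epoch_pubkey` field, the 15-minute skew limit and the sample events are assumptions made for illustration; signature and lineage-proof verification are assumed to happen elsewhere.

```javascript
// Added example: bound created_at before applying "latest created_at wins".
// Assumed (not from the cold-root-identity spec): event shape, epoch_pubkey field,
// and the skew limit. Signatures and lineage proofs are verified elsewhere.
const MAX_FUTURE_SKEW_SECONDS = 15 * 60;

// Weak form: whatever claims the latest timestamp wins, including a far-future event.
function naiveLatest(events) {
  return events.reduce(
    (best, ev) => (best === null || ev.created_at > best.created_at ? ev : best), null);
}

// created_at must be an integer count of seconds, not beyond now + allowed clock skew.
function isSaneCreatedAt(createdAt, nowSeconds, maxSkew = MAX_FUTURE_SKEW_SECONDS) {
  return Number.isSafeInteger(createdAt) && createdAt >= 0 &&
         createdAt <= nowSeconds + maxSkew;
}

// Hardened form: filter first, then pick the latest among the events that remain.
function selectCurrentEpochEvent(events, nowSeconds, maxSkew = MAX_FUTURE_SKEW_SECONDS) {
  const accepted = [];
  const rejected = [];
  for (const ev of events) {
    if (isSaneCreatedAt(ev.created_at, nowSeconds, maxSkew)) accepted.push(ev);
    else rejected.push({ id: ev.id, reason: "created_at malformed or too far in the future" });
  }
  // Latest first; equal timestamps are ordered by id so every client picks the same event.
  accepted.sort((a, b) =>
    b.created_at - a.created_at || (a.id < b.id ? -1 : a.id > b.id ? 1 : 0));
  return { current: accepted.length > 0 ? accepted[0] : null, rejected };
}

// Constructed sample events (ids and keys are placeholders, not real Nostr data).
const NOW = 1700000000;
const SAMPLE_EVENTS = [
  { id: "aa01", created_at: NOW - 86400, epoch_pubkey: "epoch-key-A" },
  { id: "bb02", created_at: NOW - 60, epoch_pubkey: "epoch-key-B" },
  { id: "cc03", created_at: NOW + 10 * 365 * 86400, epoch_pubkey: "epoch-key-FAR-FUTURE" },
  { id: "dd04", created_at: "1700000000", epoch_pubkey: "epoch-key-STRING-TS" },
];

const naive = naiveLatest(SAMPLE_EVENTS);
const checked = selectCurrentEpochEvent(SAMPLE_EVENTS, NOW);
console.log("naive pick:  ", naive.epoch_pubkey);
console.log("checked pick:", checked.current.epoch_pubkey);
console.log("rejected ids:", checked.rejected.map((r) => r.id).join(", "));
```

When every candidate is rejected, `current` is `null`, and a client should keep the identity it already trusts rather than fall back to the naive pick.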
No, thanks. I remember Anigma
all my homies are nsexuals
If I don't understand what the interface is doing, and that's most of the time, then I'd rather not lol
where is nip-49?
🤣🤣🤣
be careful with your nsec. it is your sovereignty on #nostr
This is a bad meme. It's like saying using one password for all apps is wise.
Except the nsec has to be the same by design. A password of a different app is not related.
you are not practicing safe nsecs! :)
if nostr is going to become eventually 'No Other Social Trust Required' we have to be mindful of where we paste it because WoT algos may depend on us.
Accurate.
Except the app tends to never be random.
The best part of this meme is that I never know if I'm on left side or right
At this point I'm afraid to paste it into my own app that I'm making TBH. Seen the follow lists get nuked way too many times lol
Ha ha, I wrote my own bunker and still do this half the time