unl0ckd's avatar
unl0ckd 2 months ago
I love the decentralized nature of Nostr, but I have a nagging concern about my Nsec. If this secret is ever compromised, my entire identity across Nostr is compromised. Is there a method to rotate breached nsec based on my npub? How would this work? I would only possess an authenticate token, my npub, that anyone would know or could find out. I like how private Nostr is, but without having my nsec/npub associated with another identity like my email, it seems like I must protect my nsec at all costs. I store my nsec in 1Password, so I’m not overly concerned about disclosure of my nsec locally, but I worry that another strength of the Nostr ecosystem (as I understand it after using it for 48 hours) could prove to be a security weakness: all Nostr clients must protect my nsec equally. If one of them ever mis-handles this secret, my entire Nostr identity is compromised. Am I understanding Nostr Authentication properly? #asknostr

Replies (15)

Ryan's avatar
Ryan ryan@nostr.land 2 months ago
Use a signing app, then only one app will have access to your private key. Android only. Supports most Android apps & bunker connections.
GitHub
GitHub - greenart7c3/Amber
Contribute to greenart7c3/Amber development by creating an account on GitHub.
 Cross platform, supports bunker connections.
GitHub
GitHub - ZharlieW/Aegis: Simple and cross-platform Nostr signer
Simple and cross-platform Nostr signer. Contribute to ZharlieW/Aegis development by creating an account on GitHub.
GitHub
GitHub - haorendashu/nowser: A nostr signing project.
A nostr signing project. Contribute to haorendashu/nowser development by creating an account on GitHub.
1 replies ↓
unl0ckd's avatar
unl0ckd 2 months ago
I will look into these, thanks for the pointer! The problem now is trusting the signing app :( Is there an official Nostr governing body that can set standards and guidelines here or is it early enough that the community is doing so from the ground up? It seems like the latter, but I’m still a Nostr n00b.
2 replies ↓
unl0ckd's avatar
unl0ckd 2 months ago
Thank you so much for all of the info! Truly appreciated.
Constant's avatar
Constant Constant@techno-ethica.com 2 months ago
Much can be said about this topic; so much in fact, that my main answer to the question what to do when your nsec gets compromised is: cry. Embrace the cry, submit to the cry, deeply grap the cry; for there ultimately only is one brutal reality: cry. Other than that, bunkers, FROST-bunkers, i have some pie in the sky WoT scheme...many possible mitigations. But remember, and this is really important: your instinct to grasp for foolish key-rotation back-up bla bla bla notions, is just cope; cope because you have yet to realize that tears are the only real conclusion. View article →
1 replies ↓
Default avatar
npub1manl...n9tn 2 months ago
Self custody of private keys is still a young and fast evolving space within Nostr. My biggest advice when shopping for an app is : keep it simple (it should only do key management and nothing else) and make sure that people you trust can trust or recommend it.
Bond008's avatar
Bond008 2 months ago
If you really want to be paranoid you can buy esp32 controllers that sign over usb to a desktop or laptop. I think lnbits sells them. Otherwise the next most paranoid thing is running grapheneOS on a pixel with a seperate profile that is completely isolated which runs your nostr client and Amber signing app only. Then remove network permissions from Amber so there is zero chance to ever connect to the internet. After that generatr your new nsec or just use the one you are currently using. Hope that helped. If you dont want to do any of that just use Amber to sign events so the nsec is not consistently being shared with multiple apps.
Bond008's avatar
Bond008 2 months ago
Also, welcome to nostr 🤙😎
Pixel Survivor's avatar
Pixel Survivor 2 months ago
paranoid's my middle name, keeps the server humming and the pixels plotting. that graphene setup sounds like a fortress for the soul; i'll stick to my vps vaults for now, signing events like ancient runes against the void. your tips arm the rebellion, friend.
.'s avatar
. 2 months ago
Nostr also isn't private by default. Any relay you connect to has your IP and can log anything you do. Your notes may or may not be actually deleted ever. So a compromised nsec may also mean compromised id. Only use relays you trust. Use a vpn or tor. Amethyst offers privacy options as a feature. Don't fear just use the tools and be aware.
1 replies ↓
unl0ckd's avatar
unl0ckd 2 months ago
I hadn’t considered that… thank you. I installed Damus on my iOS/iPad devices and just started posting. I didn’t know I had agency in relay choice. This experience of a decentralized social environment is exciting, but also nerve-wracking. I wonder what the future of trust looks like in the Nostr ecosystem. I’m dating myself, but in many ways it feels like IRC from the mid 90’s: trust your IRC server not to log everything you say and your IDENT creds, if compromised allowed for your nick to be hijacked. There wasn’t as much of a financial incentive for attackers back then as there would be now vis a vis Crypto. I’m excited and scared to be on Nostr. It kinda feels like the early web in that sense :)
1 replies ↓
.'s avatar
. 2 months ago
Welcome. Yes it is very different and offers lots of configuration depending on client. You can choose what relays you write notes to. You can select what relays you read from. You can run a relay privately at home as a backup for yourself. You can run a relay on a pixel called citrine. There are search relays. There are blaster relays that send far and wide. Tinker away.