#asknostr
#Nostr is on high risk as well; based on npub... they can long range attack you and get your nsec in a few years
View quoted note →
Login to reply
Replies (15)
This is why we need robust key rotation specs
A basic start would be adding a profile metadata field for alternate keys and making sure that metadata field is always timestamped by default
Most are distracted by their own opinions here. Don't feel bad if nobody replies.
(I'm not smart enough to have an opinion on this topic)
But imho these are just temporary patches and dont really resolve the core problem. We might need a completely new address format and start from new.
Sometimes people appear naive and blind for the obvious, or am I paranoid?
How would a new address format help? Just making it longer to add more randomness or am I missing something?
What I try to say is that #Nostr is npub based, thus vulnerable to long range attacks, like the old P2PK #Bitcoin addresses
How did changing address format fix that for Bitcoin?
once QC actually start to do ANYTHING, everything is at risk. They haven't done anything yet though, let alone break encryption or DSA. It's good to keep an eye on it, but I don't get the panic
pubkeys are derived from privkeys by ECC, which can be vulnerable to Shor's algorithm by simply calculating your privkey out of your pubkey. As long as your pubkey is not revealed, there can be no long range attack. P2WSH/P2WPKH only reveal a UTXO address specific pubkey when you spend them (so you have about 10 min for a short range attack).
But this disruption is inevitable sooner or later. And yes, you're absolutely right, everything is at risk, from banks to ssh to tls....
#Bitcoin as our one and only freedom money will probably be the very first target of the globalistic NWO.
Thanks for the explanation 🤙
I might have to update my list of essential shit nostr needs View quoted note →
Great list! 👍🧡
Maybe also consider adding an audit to Tor attack vectors like timing analysis / Sybil attacks, especially if #Nostr is used for direct communication.
Cointelegraph
Is Tor still safe after Germany’s ‘timing attack?’ Answer: It’s complicated...
German authorities revealed a darknet admin’s identity by exploiting a flaw in Tor’s encryption. Is Tor still safe?
Maybe in general "we need more security audits" should be a point in the list
Or is there something more specific I'm missing for a Tor section of the list?
Tor is imho the backbone of our privacy. We need to donate more for ita development and node maintenance and/or run a node ourselves if we have the technical skills and expertise to do so.
Agreed