To be fair, the same cryptographers that pushed for NIP-44 also lied about NIP-04 leaking private keys. The "attack" they presented would require:

- A way to extract an AES key from a pair of chosen ciphertexts + their plaintext (or the other way around)
- At least millions of rounds of user interaction in an unusual way
- A way to forge signatures that uses keys derived from the user's private key

Replies (1)

No need to forge signatures if you only want to decrypt it. You can just build an app that uses Amber to sign locally. Doing millions locally is quite easy. In fact, billions is quite easy. Again, I don't understand the need to give people the risk of somebody putting that together.