Thread - Nostr Hypermedia

Tim Bouma trbouma@getsafebox.app 3 weeks ago

I address this issue in the security caveats. If you keep scanning local, no problem. If you use a scanning server, every key is like a root equivalent. BIP 352, because you have hardened derivation from the nsec, this is not a problem. With this approach, you do.

Gist

Nostr Silent Payments

Nostr Silent Payments. GitHub Gist: instantly share code, notes, and snippets.

↑ Parent

Replies (1)

semisol semisol@nostr.land 3 weeks ago

I have never liked the approach of “fixing” security issues by just marking them out of scope. Cryptography needs to be resistant to footguns. You should NOT be able to misuse without going out of your way. This trivially allows that with a simple oversight

1 replies ↓

↑