We’ve seen relays nuke their databases regularly, which means users would ultimately rely on the Breez relay to store their salt. As a user I personally prefer iCloud to store my data long-term, independent of a wallet vendor. But it is a matter of taste.
CSPP derives a master encryption key independent of the passkey to encrypt the nsec and stores the ciphertext beside the salt in iCloud. Without it, users would need to rotate their nsec when they rotate their passkey. I believe this is an important feature for the management of long-term user keys.
But PRF will be used in many different ways by different vendors. So I don’t expect convergence on one standard.
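To make the key-hierarchy point above concrete, here is an added example (not CSPP's code, and not anything from the post's author) of why a master encryption key that is independent of the passkey lets a passkey be rotated without re-encrypting the nsec. The PRF call is simulated with an HMAC over a constructed "authenticator secret" (a real authenticator computes PRF(salt) inside its secure hardware), the HKDF label `demo/wrap-key` is an assumption, and the authenticated encryption is a deliberately simple HMAC-based toy construction used only so the script runs with the standard library; a real implementation would use a proper AEAD such as AES-GCM or XChaCha20-Poly1305.

```python
import hashlib
import hmac
import os


def simulated_prf(authenticator_secret: bytes, salt: bytes) -> bytes:
    """Stand-in for the WebAuthn PRF extension output for a given salt.
    The authenticator secret is a constructed placeholder for the passkey."""
    return hmac.new(authenticator_secret, salt, hashlib.sha256).digest()


def hkdf_sha256(ikm: bytes, salt: bytes, info: bytes, length: int = 32) -> bytes:
    """RFC 5869 HKDF with SHA-256 (extract-then-expand)."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy keystream: HMAC(key, "enc" || nonce || counter) in counter mode."""
    out = b""
    for ctr in range((length + 31) // 32):
        out += hmac.new(key, b"enc" + nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
    return out[:length]


def toy_seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC toy AEAD: nonce || ciphertext || tag."""
    nonce = os.urandom(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def toy_open(key: bytes, blob: bytes) -> bytes:
    """Verify the tag in constant time, then decrypt; wrong key -> ValueError."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed")
    return bytes(c ^ k for c, k in zip(ct, _keystream(key, nonce, len(ct))))


def create_backup(nsec: bytes, prf_output: bytes, salt: bytes) -> dict:
    """The nsec is encrypted under a random master key; only the master key
    is wrapped under a key derived from the passkey's PRF output."""
    master_key = os.urandom(32)
    wrap_key = hkdf_sha256(prf_output, salt, b"demo/wrap-key")
    return {
        "salt": salt,  # PRF input, stored next to the ciphertexts
        "wrapped_master_key": toy_seal(wrap_key, master_key),
        "nsec_ciphertext": toy_seal(master_key, nsec),
    }


def restore_nsec(backup: dict, prf_output: bytes) -> bytes:
    """Recover the nsec from the backup using a passkey's PRF output."""
    wrap_key = hkdf_sha256(prf_output, backup["salt"], b"demo/wrap-key")
    master_key = toy_open(wrap_key, backup["wrapped_master_key"])
    return toy_open(master_key, backup["nsec_ciphertext"])


def rotate_passkey(backup: dict, old_prf_output: bytes, new_prf_output: bytes) -> dict:
    """Re-wrap the master key under the new passkey. The nsec ciphertext
    (and the nsec itself) stays exactly as it was."""
    old_wrap = hkdf_sha256(old_prf_output, backup["salt"], b"demo/wrap-key")
    master_key = toy_open(old_wrap, backup["wrapped_master_key"])
    new_wrap = hkdf_sha256(new_prf_output, backup["salt"], b"demo/wrap-key")
    return {
        "salt": backup["salt"],
        "wrapped_master_key": toy_seal(new_wrap, master_key),
        "nsec_ciphertext": backup["nsec_ciphertext"],
    }


if __name__ == "__main__":
    # Constructed sample values; nothing here is a real key.
    salt = b"A" * 32
    nsec = b"nsec1-constructed-placeholder-secret"
    old_prf = simulated_prf(b"old-passkey-secret", salt)
    new_prf = simulated_prf(b"new-passkey-secret", salt)
    backup = create_backup(nsec, old_prf, salt)
    rotated = rotate_passkey(backup, old_prf, new_prf)
    print(restore_nsec(rotated, new_prf) == nsec)
    print(rotated["nsec_ciphertext"] == backup["nsec_ciphertext"])
```

Without the indirection through the master key, the nsec ciphertext would be bound directly to the PRF output of one passkey, so rotating that passkey would force either re-encrypting (and therefore re-exporting) the nsec or generating a new one.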
Oh, and users get 2FA for free as an additional security layer when using iCloud/GDrive. Apple even makes users enable 2FA when storing passkeys.
(Linked: Apple Support, "Use passkeys to sign in to websites and apps on iPhone": on iPhone, use passkeys to securely and easily sign in without passwords to websites and apps.)
1. The client can regularly check the relays and republish the list of salts if they are deleted.
2. Every vendor can set up their own relay.
3. The list of salts is backed up automatically by iOS/Android because it's in the app data and is not "secret".
4. The same list can be exported by the client to a simple text file if the user wants a wallet-independent backup and doesn't want to run any app using this protocol for a long time.
5. Passkey rotation is generally not needed because the secret part of the passkey is not supposed to leave the TEE except when migrating from one vendor to another (using a secure protocol like CXP). In the exceptional case of a passkey compromise, the user can always move their funds to another wallet using a new passkey.
6. The UX cost of using iCloud/GDrive is very high (login, vendor auth).