So, take what you just said and apply it to your original post and make it make sense. Without concluding "I can't take security that seriously so why try?" Again, that make the protocol you've spent years on, useless. And it's generally a irresponsible position to take.
Replies (5)
It's not useless. It's just not the hardcore crypto security you would usually see. Our apps REQUIRE a hot key loaded in memory at all times. There is no way to do cold wallets. We are literally always in the line of fire. We can't protect anyone against compromised systems and most phones are compromised.
I You agree that you will never have security if keys are placed on a network connected device. Then, all we can do is to minimize the damage and let people play while they can.
Your deduction doesn’t follow: if something happens to be temporary (and someone reminds you of this) does not mean that something is useless or even unsafe, security always being relative to convenience whether in time or surface area of another sort.
Why is it temporary? Do Nsecs have an expiry?
HSM key signer is entirely possible. Massively reduces risk down to physical access. But fair enough if sessions can't be batched and signed PSBT style then yes, there's a compromise risk.
secure namecoin key pointing to your latest npub seems pretty good
