Let's say I wanted to make an application built on nostr, and I want to utilize nostr auth.
To take some burden off more normie users, I was thinking the service could store an ncrypt for the user. 

From the user's perspective, they just have to remember a password like any other site. But under the hood, the ncrypt can be sent down and stored in local storage (if missing). And then the user can unlock it with the password to sign events client side.

I'm trying to think from a security perspective if there's any harm in the server storing the ncrypt. It's basically like storing a hashed password, but if the key is ever leaked, then someone with access to the DB could reveal the nsec.
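
Added example, not part of the original post and not code from any nostr library: a sketch of the flow described above, in which the client seals the secret key under the password and the server only ever stores the resulting opaque blob. It assumes Node.js, the function names are hypothetical, and it swaps in scrypt with AES-256-GCM from Node's standard library rather than implementing the NIP-49 `ncryptsec` format.

```javascript
// Added example: password-sealed key blob, stored server-side, opened client-side.
const { scryptSync, randomBytes, createCipheriv, createDecipheriv } = require('node:crypto');

// Demo work factor. The blob is only as strong as the password plus this cost,
// so anyone holding a database copy can test guesses offline at this price per guess.
const KDF = { N: 2 ** 14, r: 8, p: 1, maxmem: 64 * 1024 * 1024 };

function deriveKey(password, salt) {
  // Normalise so the same password typed on different devices derives the same key.
  return scryptSync(password.normalize('NFKC'), salt, 32, KDF);
}

// Client side: the return value is the only thing sent to the server.
// Layout (hypothetical): salt(16) | nonce(12) | tag(16) | ciphertext, base64.
function sealKey(secretKey, password) {
  const salt = randomBytes(16);
  const nonce = randomBytes(12);
  const cipher = createCipheriv('aes-256-gcm', deriveKey(password, salt), nonce);
  const ct = Buffer.concat([cipher.update(secretKey), cipher.final()]);
  return Buffer.concat([salt, nonce, cipher.getAuthTag(), ct]).toString('base64');
}

// Client side: returns the key, or null on a wrong password or a modified blob.
function openKey(blob, password) {
  const raw = Buffer.from(blob, 'base64');
  if (raw.length < 16 + 12 + 16) return null; // too short to hold salt, nonce and tag
  const salt = raw.subarray(0, 16);
  const nonce = raw.subarray(16, 28);
  const tag = raw.subarray(28, 44);
  const ct = raw.subarray(44);
  const decipher = createDecipheriv('aes-256-gcm', deriveKey(password, salt), nonce);
  decipher.setAuthTag(tag);
  try {
    return Buffer.concat([decipher.update(ct), decipher.final()]);
  } catch {
    return null; // authentication failed: nothing is returned to sign with
  }
}

{
  const demoKey = Buffer.alloc(32, 7); // constructed sample, not a real nsec
  const stored = sealKey(demoKey, 'correct horse battery staple');
  console.log('server stores:', stored);
  console.log('right password opens:', openKey(stored, 'correct horse battery staple') !== null);
  console.log('wrong password opens:', openKey(stored, 'hunter2') !== null);
}
```

The server never receives the password or the plaintext key in this flow, so the login password check, if any, has to use a separate verifier rather than the same derived key.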