deriving shared secrets out of a message from your nsec should not require permission at all. at all.

if someone is already inside your browser or computer that's a whole separate problem to signing stuff and sending it out, i really hope you get the distinction
Shared secrets give you something durable that clients can quietly exfiltrate to spy on users later. Not a good idea IMO, but others disagree
if they can get at the shared secret they probably can get at the nsec, how far separated are those two things?
hint: you can't derive the shared secret without the secret. it's one step. one.

security of the nsec and derived secrets is almost unity

the actual data it decrypts, that's your computer it's on, it's not being SENT ANYWHERE ffs guys, please, get some fucking realism in your threat models

if you can't trust the computer, why do you use the computer?

oh yeah, because it isn't a leaky sponge like you are trying to make it out to be, yet somehow it is secure in other ways

no, fuck you. decrypted messages are adjacent to the fucking nsec
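An added example, written for this page and not posted by anyone in the thread, putting both sides' points in code: the "one step" from an nsec to the ECDH shared secret on secp256k1, and why that secret is durable (the NIP-44 v2 conversation key is derived from it with no per-message input, so a client that copies it once can decrypt that conversation indefinitely without ever touching the nsec). Pure Python, not constant-time, illustration only; the curve constants are the public secp256k1 parameters and the keys used in the test are constructed values.

```python
import hashlib
import hmac

P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def _add(a, b):
    """Affine point addition on secp256k1; None is the point at infinity."""
    if a is None:
        return b
    if b is None:
        return a
    if a[0] == b[0] and (a[1] + b[1]) % P == 0:
        return None
    if a == b:
        lam = 3 * a[0] * a[0] * pow(2 * a[1], -1, P) % P
    else:
        lam = (b[1] - a[1]) * pow(b[0] - a[0], -1, P) % P
    x = (lam * lam - a[0] - b[0]) % P
    return x, (lam * (a[0] - x) - a[1]) % P

def mul(k, point=G):
    """Double-and-add scalar multiplication (not constant-time; demo only)."""
    result = None
    while k:
        if k & 1:
            result = _add(result, point)
        point = _add(point, point)
        k >>= 1
    return result

def lift_x(x):
    """Recover the even-y point for an x-only (BIP-340 style) Nostr pubkey."""
    y = pow((x ** 3 + 7) % P, (P + 1) // 4, P)
    return (x, y if y % 2 == 0 else P - y)

def pubkey_x(priv):
    """The x-only public key published for a secret key (the nsec)."""
    return mul(priv)[0]

def shared_x(my_priv, peer_pub_x):
    """The one step from nsec to a conversation's shared secret (ECDH x)."""
    return mul(my_priv, lift_x(peer_pub_x))[0]

def conversation_key(shared):
    """NIP-44 v2 conversation key: HKDF-extract(IKM=shared_x, salt='nip44-v2').
    Nothing per-message goes in, so a leaked copy stays valid for the thread."""
    return hmac.new(b"nip44-v2", shared.to_bytes(32, "big"), hashlib.sha256).digest()
```

Both parties reach the same key from their own nsec plus the other's pubkey, and the key carries no way back to either nsec; the thing that leaks with it is every message in that one conversation, not the signing capability.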