Oddbean new post about | logout
ChipTuner | 2 months ago (raw) | root | parent | reply | flag +1 
 So, I wonder over the long term how much information can be leaked because it's publicly available on relay-servers?

I've shared my concerns with nip46 signing with public relays and clients hoovering decryption requests to see when and where you are decrypting your secrets. Even cryptographically how much noise might be generated when the whole world has your ciphertext message and can see you encrypt/decrypt your "passwords". You can hope relays require auth, but should trust them. 

Of course there really is no way around it in your app, but for me, the less personal information stored on relays the better. I deny all client requests to even store my preferences because just store them locally unless I ask otherwise.
Tim Bouma | 2 months ago (raw) | root | parent | reply | flag +1 
 The next step would be private, personal relays running on your device/phone.  I am working with the assumption that your personal data is being stored by an adversary to begin with. It’s all about tradeoffs.
ChipTuner | 2 months ago (raw) | root | parent | reply | flag +2 
 > It’s all about tradeoffs.
For sure I just wonder how hard we should be relying on nip44 (I wrote the reference C impl) to protect us from ciperhtext hoovers and leakage, since it should be assumed the instance you publish your encrypted note its available to anyone in the world within seconds probably.
Tim Bouma | 2 months ago (raw) | root | parent | reply | flag +2 
 Good question. @Max Hillebrand suggested to additionally encrypt the content with AES/password before encrypting with NIP-44. So long the password is stored out of band completely, it still should be protected if the nsec is compromised. 

In the end, all security relies on the protection of a private key stored somewhere. I’d like to have that under my control versus a randomly trusted admin.