Oddbean new post about | logout
wolfbearclaw | 9 months ago (raw) | root | parent | reply | flag +2 
 From the site: “Your nostr keys are stored encrypted with a passphrase you provide and must be decrypted by you before they can be used”
Lux | 9 months ago (raw) | root | parent | reply | flag 
 So is your passphrase salted? Is that saved somewhere? Or you have to enter each time to decrypt and sign?
The Fishcake🐶🐾 | 9 months ago (raw) | root | parent | reply | flag +2 
 Don’t trust, verify! 🐶🐾🫡
nostr:note1pzcttlcgylnxlnry4ul4px02se9q8e4nd07f23rp7v2ke52zy3yshyf9wf
Lux | 9 months ago (raw) | root | parent | reply | flag 
 So passphrase is only used at runtime and not stored in mem?
The Fishcake🐶🐾 | 9 months ago (raw) | root | parent | reply | flag +1 
 I don’t know but if the service has access to both (encrypted nsec and passphrase), then it is not hard to get a clear text nsec. It is clearly stored in mem since it’s in variable 🐶🐾🫡