Oddbean new post about login | logout We have to decide if logging in with nostr is a desire-able thing to have. The ecosystem seems to be moving to passkeys, i don’t see why we necessarily need npub identities for login. There are many reasons you wouldn’t want that: privacy, etc.
Logging in with nostr was a big plus for me but I’m not a normal use case.
What are passkeys?
https://developer.apple.com/passkeys/ https://developers.google.com/identity/passkeys https://blog.google/technology/safety-security/the-beginning-of-the-end-of-the-password/
So a private key is stored locally on device and the corresponding public key is stored in the server. That’s pretty much just Nostr sign-in. The only difference is that passkey approach generates a new key for every app. It’s like using a different private key for every nostr client.
Sounds like a massive difference. A compromised nsec would be catastrophic.
Yes. This discussion has changed my attitude towards Nostr Signin/Connect
They’re login tokens that are encrypted on your device and tied to a master identity.
Passkeys are utter trash in implementation but the underlying concept is good npub login is flawed because it can’t support multi identity and is non-private by design
And also they don’t use obscure shit like BIP304 signatures so they can be put onto a secure element
All the "hardware wallet" implementations for Bitcoin show that you can make a secure element for BIP340 just fine.
Specialized SEs != TPMs in computers, SEs in phones, etc
BIP340 are Schnorr signatures? From: https://trustedcomputinggroup.org/wp-content/uploads/TPM-Rev-2.0-Part-1-Architecture-01.07-2014-03-13.pdf Section: C.4.3 EC Schnorr "If a TPM supports ECC, it should support the TPM_ALG_ECSCHNORR scheme."