i'm working on a codebase at the moment that uses a simple per-key password (or not) option. i considered creating a keyfile that can be used to encrypt multiple keys but i realised this was the wrong approach.

the better approach is to build a secondary encryption key management system that has one or multiple secrets unlocked by one or multiple passwords, in the same manner as used with dm-crypt and LUKS disk encryption. 

the crossing of the boundaries between the two systems with merging these two models into one creates more problems than it solves.

fiatjaf, of all people, you would think that he understands that systems should be simple and be layered, for reasons of simplicity and for reasons of security...

for this problem, what we need is a separate layer that keeps track of the grouped items. the user's posts. the post threads. the subjects, the hashtags. these are second layer, and applying second layer techniques to first layer systems leads you to a mess.

nostr:nevent1qqs0svxgxfn66fwxy53ty55pymu82la9k73qrnuca3d9g5dcrzrzm3gpr4mhxue69uhkummnw3ezucnfw33k76twv4ezuum0vd5kzmp0qy88wumn8ghj7mn0wvhxcmmv9uq3samnwvaz7tmjv4kxz7fwwpkx2cnnw3ezucm0d5hszxrhwden5te0wfjkccte9e3h2unjv4h8gtnx095j7qghwaehxw309aex2mrp0yhxummnw3ezucnpdejz7qgnwaehxw309ahkvenrdpskjm3wwp6kytcpz4mhxue69uhhyetvv9ujuerpd46hxtnfduhszyrhwden5te0v5hxummn9ekx7mp0qy08wumn8ghj7mn0wd68yttsw43zuam9d3kx7unyv4ezumn9wshszxnhwden5te0wfjkccte9emk2mrvdaexgetj9ehx2ap0faaxfp
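
A sketch of the LUKS-style keyslot idea from the post, as an added example that is not part of the original post or of any project it mentions: one random master key is wrapped separately under each password, so any password unlocks the same secret and a slot can be revoked without touching the others. The `Keystore` class, its method names and the iteration count are assumptions for illustration; the XOR-mask-plus-HMAC wrap is a standard-library stand-in for a real key-wrap cipher, not what LUKS itself does.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # constructed value; tune to the target hardware


def _derive(password, salt):
    # PBKDF2 stretches the password into 64 bytes:
    # 32 to mask the master key, 32 to key the slot's integrity tag.
    okm = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS, dklen=64)
    return okm[:32], okm[32:]


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


class Keystore:
    """Hypothetical keyslot table: slot id -> {salt, wrapped, tag}."""

    def __init__(self):
        self.slots = {}   # contents are safe to persist; no password is stored
        self._next = 0

    def add_slot(self, password, master_key):
        if len(master_key) != 32:
            raise ValueError("master key must be 32 bytes")
        salt = os.urandom(16)  # fresh salt per slot, so a mask is never reused
        mask, mac_key = _derive(password, salt)
        wrapped = _xor(master_key, mask)
        tag = hmac.new(mac_key, salt + wrapped, hashlib.sha256).digest()
        slot_id, self._next = self._next, self._next + 1
        self.slots[slot_id] = {"salt": salt, "wrapped": wrapped, "tag": tag}
        return slot_id

    def unlock(self, password):
        # Try every slot; the tag tells us whether this password fits it.
        for slot in self.slots.values():
            mask, mac_key = _derive(password, slot["salt"])
            expect = hmac.new(mac_key, slot["salt"] + slot["wrapped"], hashlib.sha256).digest()
            if hmac.compare_digest(expect, slot["tag"]):
                return _xor(slot["wrapped"], mask)
        raise ValueError("no slot matches this password")

    def revoke(self, slot_id):
        # Removes one password. The master key is unchanged, so anyone who
        # already unlocked it still holds it until the key itself is rotated.
        del self.slots[slot_id]
```

Changing a password is `add_slot` with the new one followed by `revoke` of the old slot; nothing encrypted under the master key has to be rewritten.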