 > It’s all about tradeoffs.
For sure, I just wonder how hard we should be relying on nip44 (I wrote the reference C impl) to protect us from ciphertext hoovers and leakage, since it should be assumed the instant you publish your encrypted note it's available to anyone in the world within seconds probably.
Good question. @Max Hillebrand suggested to additionally encrypt the content with AES/password before encrypting with NIP-44. So long as the password is stored out of band completely, it still should be protected if the nsec is compromised.

In the end, all security relies on the protection of a private key stored somewhere. I’d like to have that under my control versus a randomly trusted admin.
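
The layering suggested in this thread (a password-keyed AES layer applied before NIP-44), sketched as an added example that is not part of the original posts and not taken from any NIP-44 implementation. The scrypt parameters, the blob layout and the `nip44Encrypt` / `nip44Decrypt` callbacks are assumptions made for illustration.

```javascript
// Added example: password-keyed inner layer, applied before NIP-44.
const crypto = require("node:crypto");

// Assumed scrypt cost (about 32 MiB per derivation); tune for your devices.
const SCRYPT = { N: 1 << 15, r: 8, p: 1, maxmem: 64 * 1024 * 1024 };
const NIP44_MAX_PLAINTEXT = 65535; // NIP-44 v2 plaintext limit in bytes

function deriveKey(password, salt) {
  return crypto.scryptSync(password.normalize("NFKC"), salt, 32, SCRYPT);
}

// Blob layout: version(1) || salt(16) || iv(12) || tag(16) || ciphertext
function sealInner(plaintext, password) {
  const salt = crypto.randomBytes(16);
  const iv = crypto.randomBytes(12);
  const header = Buffer.concat([Buffer.from([1]), salt, iv]);
  const c = crypto.createCipheriv("aes-256-gcm", deriveKey(password, salt), iv);
  c.setAAD(header); // bind version, salt and IV to the tag
  const ct = Buffer.concat([c.update(plaintext, "utf8"), c.final()]);
  return Buffer.concat([header, c.getAuthTag(), ct]).toString("base64");
}

function openInner(blob, password) {
  const raw = Buffer.from(blob, "base64");
  if (raw.length < 45 || raw[0] !== 1) throw new Error("unsupported inner blob");
  const header = raw.subarray(0, 29);
  const key = deriveKey(password, raw.subarray(1, 17));
  const d = crypto.createDecipheriv("aes-256-gcm", key, raw.subarray(17, 29));
  d.setAAD(header);
  d.setAuthTag(raw.subarray(29, 45));
  // final() throws on a wrong password or any modified byte
  return Buffer.concat([d.update(raw.subarray(45)), d.final()]).toString("utf8");
}

// nip44Encrypt / nip44Decrypt are hypothetical callbacks supplied by the caller
function layeredEncrypt(note, password, nip44Encrypt) {
  const inner = sealInner(note, password);
  if (Buffer.byteLength(inner) > NIP44_MAX_PLAINTEXT) throw new Error("note too long");
  return nip44Encrypt(inner);
}

function layeredDecrypt(payload, password, nip44Decrypt) {
  return openInner(nip44Decrypt(payload), password);
}
```

If the nsec leaks, only the outer NIP-44 layer comes off; what remains is the inner blob, which can be guessed at offline, so its protection is bounded by the password's strength and the scrypt cost.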