 Today I learned that if you do many signatures with the same private key then it's very possible for an attacker to uncover it using these signatures and your public key: https://cdn.satellite.earth/f2daa984ce219112102ec783574df3ea612d51031e653479c903e95cfb3c70d7.mp3 
 …wait, what?! 
 I think he is being sarcastic. There is no easy way to do this as far as I know  
 after listening to the clip, it sounds like it would have to be trillions of signatures…

not even #nostr is at risk, let alone #bitcoin 
 Thanks for doing the hard work for #tardstr 
 just doin’ my job 😝🤙

it’s a #tardstr life 
 Hello new #tardstr fren 
https://m.primal.net/IyFM.jpg 
 What systems would be at risk of an attack like this? Don’t most modern Bitcoin wallets use different private keys for each address? 
 No shit? How possible? How many signatures does it take to make this trivial? 
 It's not possible. End of the discussion even admits it.  
 In the source @Super Testnet says he doesn't really know, ask a cryptographer.

Also I have heard this before, so I really don't know. AI says it is not possible. 
 What AI says should not matter under any circumstance whatsoever in any discussion which isn't specifically about what AI systems would say. 
 I agree. I used that Venice.AI tool and asked what the largest word from BIP39 was and it told me it was "abandon" and then after some prompting it told me the largest was a 10 letter word that doesn't exist in the list.

Maybe it's just that one, but I am thoroughly unimpressed.

It may have been the same AI that told me that someone with access to the same dice could replicate entropy so dice rolls are not safe for generating private keys. If an AI has become sentient and is acting maliciously, this is it. 
 Context:

nostr:nevent1qqspux2vrt5ppfdv0ndfw0l2guejal3l76yzu64nlfs9h0e0sn8f7pqpremhxue69uhkummnw3ez6ur4vgh8wetvd3hhyer9wghxuet59upzqrvhh6h9vl7we8r9wncudmmpym4fd82fjtp3nrj3crav2tzjwjs5qvzqqqqqqyqr2lev 
 You shouldn't use systems of this sort to ask questions and then believe the answer. You shouldn't believe any answer by anyone, let alone an AI system, unless it's a reputable source or the answer contains a good argument or you can verify it.

AI language models are useful for exactly that: modelling language. For example, they can change the style of writing of a paragraph. Even in that case you should verify the output every time, and it will be wrong many times, but it can still be useful with a decent success rate. 
 Source: https://www.youtube.com/watch?v=zVAGsv8bJX0 from @Vlad

(Wouldn't it be great if we could reference podcasts natively inside Nostr instead of using YouTube links? But unfortunately that is not in the realm of possibilities for the current world: https://github.com/nostr-protocol/nips/pull/1093) 
 Agreed!
Was just this morning thinking how important it is for content creators to post their stuff on Rumble as well, even though it’s centralized, at least it has more chance against censorship than YouTube.
Could bitcoin.tv be a solution,
how censorship resistant is it? @wiz? 
https://bitcointv.com/about/instance 
 you can create clips with  @CASCDR

https://cascdr.vercel.app/?tab=yitter 
 Yup it’s under CASCDRVision on that link 
 We have this capability with CASCDRVision at https://cascdr.xyz/?tab=yitter . The front end and the back end are decoupled and the API can be consumed however you like. If you’d like to collaborate or get more info DM me I’m happy to help. 
 The json point is weird. Most apps use json/graphql. This isn’t even the slowest thing. Signature validation is. Bandwidth wise, json isn’t that much smaller than binary. After we switched to a threadpool for note sig validation, it's not even that much of an issue anymore @Super Testnet 
 json isn’t much bigger* 
 If this is so obvious then why are we ok with such lack of security here on nostr? I'm not a dev but I would think that those who are (brilliant as they are) would work this out. Is it just too hard to do at this point in the development? 
 He is being sarcastic. Listen to the whole recording. You can't take a thousand signatures and reverse engineer a private key. 
 Gotcha. I will tune into the whole recording. Thanks. 
 😂 thanks for this, helps verify the fact that Shinobi *doesn’t*
always know what he’s talking about even tho he always uses that commanding know-it-all tone of voice 😂 
 No you can’t- Shinobi just doing what he does best. There’s too many “analysts” in the space who have done zero proof of work and produced no products 
 i havent watched/listened to the video but curious if there is discussion regarding nonces or key extraction 
 So the more you post on Nostr, the unsafer it becomes? 

We need a NIP for key rotation it seems. And one that’s widely adapted too! 
 it's a joke, signing a message does not reveal your private key 
 IIRC that was discussed on this PR https://github.com/nostr-protocol/nips/pull/715 
 🤔🧐😳
OK, you had me going there for a moment...
April fools, eh?
Asymmetric encryption is foundational to both bitcoin AND nostr! 
 Bitcoin rotates keys. 
 So, how real/serious is the re-use risk in the context of nostr?

Should nostr be improved to use something like bitcoin's BIP-32 protocol to give each user deterministic keypair chains?🤔 
 That's one of the first improvements I've wanted to see on nostr, but I have no idea if the re-use risk is going to matter. Keychains would also help with the risk of entering keys into all the different apps and devices people use  
 Could you animate the moment where Shinoboi was wrong?

nostr:nevent1qqsdmuzwfnpkk94q8hghh4z9dvwdvnv3dn3hnjf4k65lucyq9e2yplgpz4mhxue69uhhyetvv9ujumn0wd68ytnzvuhsygpm7rrrljungc6q0tuh5hj7ue863q73qlheu4vywtzwhx42a7j9n5psgqqqqqqsjzztux 
 This is absolutely incorrect.

If the nonces are generated securely and independently for each signature, the private key remains secure even if the same key is used many times. 
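The point made in the reply above, that signing many messages with one key is fine as long as every signature gets its own securely generated nonce, can be shown concretely. The following is an added example, not code from anyone in this thread and not Nostr's or Bitcoin's signing code: a teaching-grade Schnorr-style signature over the secp256k1 constants, with the nonce derived deterministically from the secret key and the message (a simplified version of the RFC 6979 / BIP-340 idea, using a single SHA-256 rather than their exact derivation), plus a check that flags the one situation that does leak, namely the same nonce reused across different messages. Function names, the `b"nonce"` domain tag and the test key are assumptions of this example.

```python
import hashlib

# secp256k1 parameters (the standard constants). Teaching-grade code:
# not constant-time, not hardened, not a substitute for a real library.
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def point_add(p1, p2):
    """Affine point addition; None stands for the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p1 == p2:
        lam = 3 * x1 * x1 * pow(2 * y1, P - 2, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, P - 2, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def point_mul(k, pt):
    """Double-and-add scalar multiplication."""
    result = None
    while k:
        if k & 1:
            result = point_add(result, pt)
        pt = point_add(pt, pt)
        k >>= 1
    return result


def _challenge(R, pub, msg):
    """e = H(R.x || P.x || m) mod n: binds nonce, public key and message."""
    data = R[0].to_bytes(32, "big") + pub[0].to_bytes(32, "big") + msg
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N


def sign_with_nonce(d, msg, k):
    """Schnorr-style signature (R, s) with a caller-supplied nonce k.
    Exposed only so the test below can simulate a broken nonce source."""
    pub = point_mul(d, G)
    R = point_mul(k, G)
    e = _challenge(R, pub, msg)
    s = (k + e * d) % N
    return (R, s)


def sign(d, msg):
    """Deterministic nonce from secret key and message (simplified RFC 6979 /
    BIP-340 style). Each distinct message gets a distinct nonce, so the key can
    sign any number of messages; no RNG is consulted at signing time."""
    k = int.from_bytes(
        hashlib.sha256(b"nonce" + d.to_bytes(32, "big") + msg).digest(), "big") % N
    assert k != 0  # probability ~2^-256; a real implementation would re-derive
    return sign_with_nonce(d, msg, k)


def verify(pub, msg, sig):
    """Accept iff s*G == R + e*P."""
    R, s = sig
    if R is None or not (0 < s < N):
        return False
    e = _challenge(R, pub, msg)
    return point_mul(s, G) == point_add(R, point_mul(e, pub))


def find_nonce_reuse(signed):
    """signed: list of (msg, (R, s)) made with one key. Returns index groups
    whose signatures share the same R while covering *different* messages.
    The same R on the same message merely reproduces the identical signature
    and reveals nothing; the same R on different messages is the failure mode
    that exposes the key, so a verifier or auditor should flag it."""
    by_r = {}
    for i, (_msg, (R, _s)) in enumerate(signed):
        by_r.setdefault(R, []).append(i)
    return [idxs for idxs in by_r.values()
            if len({signed[i][0] for i in idxs}) > 1]
```

Run over a batch of notes from one key, `find_nonce_reuse` returns an empty list for the deterministic signer however many messages it signed, and only reports a group when two different messages carry the same `R`, which is exactly the condition a signer with a faulty random source would produce. The check is cheap (a dictionary keyed on `R`) and is a reasonable thing for a relay or client that already validates signatures to run in passing.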
 I don't believe you 
 I also don't think it's a lie, but rotating keys is good practice anyway