 Plebs: “Nostr, what form of identity recovery have we?”

Nostr: “Perfect opsec for your private key, if you can keep it up forever.” 
 Can’t argue with you there. It’s a single point of failure and a genuine concern I personally have about my own profile. 
 Well, I've saved my keys in Norton Password Manager (as a note). How much sh!t can hit the fan? 
 Not much risk if you never want to use other apps, but the real value is unlocked when you can use the profile on lots of apps. Each new app you use, however, incrementally increases your risk. 

Ideally you could be wild and free out there signing notes without a care in the world, but storing your key in a password manager can’t give you that. 
 Use an nsec bunker like nsec.app 
 Sure, but if it’s adoption we are looking for we have to be honest about how many people will understand this, let alone go through the process of using it. Which begs the question, are there lots of people out there who care about portable identity in the first place? 
 Hmm 🤔 

Agreed

I've been using #Nostr for a year and have only now started using nsec bunker 
 If you tried nsec.app and found it hard to understand, I would really appreciate your feedback! 
 I'm a fan,  @brugeman

I use npub.cash with nsec.app on the phone

In fact, I've stopped sticking my nsec wherever there is bunker login 
 Thanks man! It's great you're finding it useful, and thanks for the advocacy! 
 I shill the good stuff wherever I can 👍 
 I am trying it right now and am having a hard time logging in. I’ve set up a burner key and when I enter the npub on coracle.social I don’t see anything on coracle or nsec.app. It seems like it does work if I enter the bunker url, but nsec.app says not to share this. Is there an admin npub that can be used as well or are all of the added pubkeys considered admin for the bunker? Otherwise onboarding is super slick. I need to understand better where my keys are being stored  
 There is a video-guide on how to log in to Coracle on the nsec.app homepage. You should enter your bunker URL or your name@nsec.app
Don't share bunker URLs publicly - you have to put them where they belong, i.e. into Coracle :) Although I agree this bunker thing is confusing.
Nsec.app stores your keys in your browser - there is no 'admin key', all keys are separate. The password you specify is used for e2ee sync of your key between devices - so you can log in to nsec.app with name and password and get your keys synced there. 
 
 Thanks for letting me know. I’ll check out the video! I know some interfaces like nostr.kiwi ask you to put in an npub or a token - does nsec.app only work with the nip-05 or the bunker url and not the npub? 

I do think adjusting the wording so that it’s clear that it is okay to put a bunker URL into the client would be helpful. I’ve used nsecBunker in the past and that wording threw me off for a second.  
 Ok so the 'nsecbunker' is one of the first nip46 implementations, and it had its own 'connection string' format - it was 'npub' or 'npub#token'. But now the new standardized format is bunker://pubkey?relay[&secret] - all modern clients will support this format, some old clients support the old nsecbunker format. Nsec.app can't work with the npub or npub#token format because this string doesn't allow passing the relay address, which is needed to run the nip46 protocol (the original nsecbunker had hardcoded relays so that wasn't needed). 

Thanks, I will adjust the wording. Basically, there are 2 kinds of bunker URLs - with a &secret or without one. One with a secret must not be shared publicly, only pasted into the connecting app. Nsec.app generates only URLs with a secret now. 
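
An added example, not part of the thread and not nsec.app's code: a check a client or support tool could run before a connection string is logged or shown, telling the `bunker://` form from the legacy `npub#token` form and dropping the secret. It assumes the `relay=` and `secret=` query parameter names and the hex pubkey used by NIP-46; the function names are hypothetical.

```javascript
// Added example. Sample values are constructed placeholders, not real keys.
const HEX_PUBKEY = /^[0-9a-f]{64}$/;

// Classify a connection string: new bunker:// URL, legacy nsecBunker, or invalid.
function parseConnectionString(input) {
  const s = input.trim();
  // Legacy form "npub..." or "npub...#token": no field for a relay address.
  if (/^npub1[0-9a-z]+(#.+)?$/.test(s)) {
    return { kind: "legacy", relays: [], hasSecret: s.includes("#") };
  }
  let url;
  try {
    url = new URL(s);
  } catch {
    return { kind: "invalid", reason: "not a URL" };
  }
  if (url.protocol !== "bunker:") return { kind: "invalid", reason: "wrong scheme" };
  const pubkey = url.hostname.toLowerCase();
  if (!HEX_PUBKEY.test(pubkey)) return { kind: "invalid", reason: "bad pubkey" };
  // Without at least one websocket relay the client cannot reach the signer.
  const relays = url.searchParams.getAll("relay").filter((r) => /^wss?:\/\/[^\s/]+/.test(r));
  if (relays.length === 0) return { kind: "invalid", reason: "no relay" };
  return { kind: "bunker", pubkey, relays, hasSecret: Boolean(url.searchParams.get("secret")) };
}

// Return a form that is safe to log or show in a screenshot: the secret/token is dropped.
function redactConnectionString(input) {
  const info = parseConnectionString(input);
  if (info.kind === "legacy") return input.trim().split("#")[0];
  if (info.kind !== "bunker") return "[unparseable connection string]";
  const query = info.relays.map((r) => "relay=" + encodeURIComponent(r)).join("&");
  return `bunker://${info.pubkey}?${query}`;
}

const SAMPLE_PUBKEY = "ab".repeat(32); // constructed 64-hex placeholder
const SAMPLE_URL = `bunker://${SAMPLE_PUBKEY}?relay=wss%3A%2F%2Frelay.example.com&secret=constructed-secret`;
console.log(parseConnectionString(SAMPLE_URL));
console.log(redactConnectionString(SAMPLE_URL));
console.log(parseConnectionString("npub1constructedplaceholder#token"));
```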
 Thanks for the info. I want to dig into this more deeply for SEC-02 
 Cool, let me know if you have any questions or ideas! 
 Now I know your Lightning Address, I’ll be testing out my command line app! 
 
You have received my Litecoin address and I am sending you a test package. This will verify whether your application works correctly.

/anna 
 Ahh that explains it. I am clearly a bit out of date and had also wondered if nostr.kiwi was. Nsec.app looks awesome and is very responsive. Thanks again!!! 
 Great! Don't hesitate to share feedback, it really helps!