Oddbean

#Amethyst v0.84.1: ncryptsec support (NIP-49) Now you can export and login with a password-protected version of your private key. This new format starts with **ncryptsec** and requires inputting a password to decrypt the key before loading it into a client. Keep in mind that the new format is not designed to replace your **nsec**, but to work side-by-side with it. Keep your nsec in the safest place you can and use the **ncryptsec** to move your key between devices, deleting it as soon as you are done with the transfer. New Additions: - Adds support for NIP49 to login and back up key screens - Adds cryptographic support for NIP-49 to Quartz - Enables citation on chats via @ - Adds "₿itcoin" to the set of custom hashtags Updated translations: - Portuguese by @fiatjaf - Hungarian by @Zoltan - Dutch by @Bartus - Chinese by @rasputin Performance Improvements: - Avoids the memory use of the flatten operation on Notification counters - Adds a check for the main thread when pulling opengraph tags. - No need to crossfade when clicking on Show More Code Quality Improvements: - Updates Compose dependencies Download: - [Play Edition](https://github.com/vitorpamplona/amethyst/releases/download/v0.84.1/amethyst-googleplay-universal-v0.84.1.apk ) - [FOSS Edition - No translations](https://github.com/vitorpamplona/amethyst/releases/download/v0.84.1/amethyst-fdroid-universal-v0.84.1.apk )

I'm no expert, but that link says: > When encoding passwords with UTF-8, it is important to realize that there may be multiple UTF-8 representations of a given string. Since the key generated by a password-base key derivation function is dependent on the specific bytes, this matters a great deal.

and just like that...Vitor releases a new update that fixes the #amethyst tagging/crash issue. love it 🫡🚀 #cybersecgirl #amethyst #0.84.1 nostr:nevent1qqsqxl6yddu8cp7kjwe04sms3t7hm66n598wlpnse0hkdzgdykf5pmgpp4mhxue69uhkummn9ekx7mqzyprqcf0xst760qet2tglytfay2e3wmvh9asdehpjztkceyh0s5r9cqcyqqqqqqgspncac

#Amethyst v0.84.1: تحديث جديد لـ Amethyst بإصدار 0.84.1 دعم ncryptsec (NIP-49) يمكنك الآن التصدير وتسجيل الدخول باستخدام نسخة محمية بكلمة مرور من مفتاحك الخاص. يبدأ هذا التنسيق الجديد بـ **ncryptsec** ويتطلب إدخال كلمة مرور لفك تشفير المفتاح قبل تحميله إلى العميل. ضع في اعتبارك أن التنسيق الجديد ليس مصممًا ليحل محل **nsec**، بل للعمل جنبًا إلى جنب معه. احتفظ بـ nsec الخاص بك في أكثر الأماكن أمانًا واستخدم **ncryptsec** لنقل مفتاحك بين الأجهزة، وحذفه بمجرد الانتهاء من عملية النقل. الإضافات الجديدة: - يضيف دعمًا لـ NIP49 لتسجيل الدخول وعمل نسخة احتياطية من الشاشات الرئيسية - يضيف دعم التشفير لـ NIP-49 إلى الكوارتز - تمكين الاقتباس في الدردشات عبر @ - إضافة "₿itcoin" إلى مجموعة علامات التصنيف المخصصة الترجمات المحدثة: - البرتغالية - المجرية - الهولندية - الصينية تحسينات في الأداء: - يتجنب استخدام الذاكرة لعملية التسوية على عدادات الإشعارات - إضافة علامة اختيار للخيط الرئيسي عند سحب علامات opengraph. - لا داعي للتلاشي عند النقر على "إظهار المزيد". تحسينات جودة الكود: - التحديثات إنشاء التبعيات nostr:nevent1qqsqxl6yddu8cp7kjwe04sms3t7hm66n598wlpnse0hkdzgdykf5pmgpz4mhxue69uhhyetvv9ujumn0wd68ytnzvuhsygzxpsj7dqha57pjk5k37gkn6g4nzakewtmqmnwryyhd3jfwlpgxtspsgqqqqqqsef3t4k

It seems not much client support encrypt your nsec with password yet, but you can use nostr-tools to encrypt it https://github.com/nbd-wtf/nostr-tools/blob/master/nip49.ts then use *encrypted* nsec to login to which client support it, like amethyst

There is a new ncryptsec1... Key that has the key but it's encrypted with a password, similar to an encrypted ZIP file. If you paste that on Amethyst's login, it asks you for the password and decrypts to get your nsec and then uses that to login.

Gossip uses ncryptsec keys. Amethyst does now too. So do some of fiatjaf's tools. You can now move your private key securely between these programs without exposing it. nostr:nevent1qqsqxl6yddu8cp7kjwe04sms3t7hm66n598wlpnse0hkdzgdykf5pmgppemhxue69uhkummn9ekx7mp0qyg8wumn8ghj7mn0wd68ytnddakj7qq24lu

noogle.lol now allows allows login with nsec and *drumroll* ncryptsec. Export your keys from Amethyst (or other clients that support it) with a password. Use the password to decrypt your key. It is still recommended to preferably use a nip07 signer like the Alby extension, nostr-login or Amber on Android, but hey, use #Nostr as you see fit. https://i.nostr.build/WrJk.jpg nostr:nevent1qqsqxl6yddu8cp7kjwe04sms3t7hm66n598wlpnse0hkdzgdykf5pmgpzpmhxue69uhkummnw3ezuamfdejsygzxpsj7dqha57pjk5k37gkn6g4nzakewtmqmnwryyhd3jfwlpgxtspsgqqqqqqs6aalvl

See if it is the keyboard. It has been documented that Graphene's default keyboard and FlorisBoard are crashing when apps use a "Visual Mapper" to show people's names intead of their pubkeys. Anysoft, GBoard and Unexpected Keyboards seem to not have this issue.

Ah fuck. It is a good point. Typing the same password on a different kind of keyboard may actually give a different unicode representation. I did know about this but it didn't come to mind. This isn't even an scrypt specific problem, and it rarely presents, and people have probably learned not to use combining characters in their passwords. But the edge case can be solved by normalizing to NFKC. It would be a breaking change. 😆

God's advocate: nip 49 was only recently merged in, and I think we only have gossip, amethyst and fiatjaf's tools implementing it, but I could be wrong. Also, the change changes almost nothing: 99.99% of actual passwords will work either way. Without the change, some passwords will fail to be portable between computers. With the change, no password will fail to be portable between updated clients. Devil's Advocate: But between updated and non-updated clients, even more passwords will fail to be portable than before the change.

This is really an issue between the user and the client... how does the user communicate the proper UTF-8 password to the client? It isn't strictly a protocol issue. It is the client's job to somehow get the password UTF-8 bytes from the user, and to get those bytes correctly. But the protocol can help out and ease the burden on clients if it specified NFKC normalization. I'm of two minds on this.