Oddbean new post about | logout
The Fishcake🐶🐾 | 9 months ago (raw) | root | parent | reply | flag +2 
 How else can you sign the note if you don’t have the key? 🐶🐾🤷‍♂️
Karnage | 9 months ago (raw) | root | parent | reply | flag +2 
 Right, I get that, but if you (service provider) is able to see everyone's decrypted key, do we not agree that could be an issue?
The Fishcake🐶🐾 | 9 months ago (raw) | root | parent | reply | flag +1 
 I am not claiming that I know the code well en, so take my comments with a grain of salt. If signing is done at the client and key is never known to nsecbunker in its plain form, then only client has the access, if not, then server has the access. @PABLOF7z will be able to confirm one or the other way. 🐶🐾🫡
wolfbearclaw | 9 months ago (raw) | root | parent | reply | flag +2 
 From the site: “Your nostr keys are stored encrypted with a passphrase you provide and must be decrypted by you before they can be used”
Lux | 9 months ago (raw) | root | parent | reply | flag 
 So is your passphrase salted? Is that saved somewhere? Or you have to enter each time to decrypt and sign?
The Fishcake🐶🐾 | 9 months ago (raw) | root | parent | reply | flag +2 
 Don’t trust, verify! 🐶🐾🫡
nostr:note1pzcttlcgylnxlnry4ul4px02se9q8e4nd07f23rp7v2ke52zy3yshyf9wf
Lux | 9 months ago (raw) | root | parent | reply | flag 
 So passphrase is only used at runtime and not stored in mem?
The Fishcake🐶🐾 | 9 months ago (raw) | root | parent | reply | flag +1 
 I don’t know but if the service has access to both (encrypted nsec and passphrase), then it is not hard to get a clear text nsec. It is clearly stored in mem since it’s in variable 🐶🐾🫡