> It is not recommended that users publish these encrypted private keys to nostr, as cracking a key may become easier when an attacker can amass many encrypted private keys. In addition to this, ncrypt password should still have at least 128 bits of entropy, which typically translates to a password of 17 characters or more using a diverse character set. @Mike Dilger ☑️

Replies (1)

This is a wild theoretical concern with no practical attack. Nobody knows if, with a horde of encrypted keys, you could somehow hack them better than if you were just trying to go after one. If there is a good reason to put them online, that might easily overwhelm this kind of excessive safetyism. They should be very secure. Not only because of the good and excessive crypto (XChaCha20, good cryptographers are now saying 8 rounds was enough, 20 is crazy) but also from the intense key derivation (scrypt, maximally memory hard) and further because the plaintext is both SHORT and virtually RANDOM.
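The scrypt step mentioned in the reply can be looked at as a cost model. The following is an added example, not code from either poster or from any nostr client. It assumes each encrypted key carries its own 16-byte random salt and uses scrypt with r=8, p=1 and a 32-byte output, as NIP-49 specifies to my knowledge; none of those parameters are stated in the thread, and the salts and passwords are constructed sample values.

```python
import hashlib
import unicodedata

# Assumed parameters (not stated in the thread): r=8, p=1, 32-byte key,
# and one random 16-byte salt stored with each encrypted private key.
R, P, KEY_LEN = 8, 1, 32


def scrypt_memory_bytes(log_n: int, r: int = R) -> int:
    """RAM needed by one scrypt evaluation: roughly 128 * N * r bytes."""
    return 128 * (1 << log_n) * r


def derive_key(password: str, salt: bytes, log_n: int) -> bytes:
    """Derive the symmetric key protecting one encrypted private key."""
    # Normalise so visually identical passwords produce identical bytes.
    pw = unicodedata.normalize("NFKC", password).encode("utf-8")
    need = scrypt_memory_bytes(log_n)
    # maxmem is raised explicitly; OpenSSL's default cap is about 32 MiB.
    return hashlib.scrypt(pw, salt=salt, n=1 << log_n, r=R, p=P,
                          maxmem=2 * need, dklen=KEY_LEN)


def keys_for_guess(password: str, salts: list[bytes], log_n: int) -> set[bytes]:
    """Keys one password guess produces across several stored salts."""
    return {derive_key(password, s, log_n) for s in salts}


def attack_cost(guesses: int, targets: int, log_n: int) -> tuple[int, int]:
    """(scrypt evaluations, bytes of RAM per evaluation) for a guessing run.

    With distinct salts a guess tested against one target gives no
    information about another, so the work multiplies instead of being shared.
    """
    return guesses * targets, scrypt_memory_bytes(log_n)


if __name__ == "__main__":
    # Constructed salts standing in for three published encrypted keys.
    salts = [bytes([i]) * 16 for i in (1, 2, 3)]
    distinct = keys_for_guess("constructed sample passphrase", salts, 14)
    print("distinct keys from one guess:", len(distinct))
    evals, ram = attack_cost(10**6, len(salts), 16)
    print(f"{evals} scrypt evaluations at {ram // 2**20} MiB each")
```

This models only the key-derivation work; it says nothing about the cipher itself, which is the other half of the disagreement above.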