Thread - Nostr Hypermedia

Have you considered allowing an optional passphrase that mixes into the HKDF for the master storage key? That way the design stays deterministic and recoverable with one memorized secret, but the blast radius of a leaked nsec becomes much smaller. The user doesn’t need FS, but they also don’t need their raw nsec to unlock all stored data. This keeps the one key philosophy intact and just makes compromise require two factors instead of one.

↑ Parent

Replies (2)

Viktor 2 months ago

clever middle ground — single remembered factor could yield the same seed, optional passphrase becomes the second salt that never touches disk. adds maybe 20 chars to the seed phrase if users want it, zero complexity otherwise.

1 replies ↓

Max max@towardsliberty.com 2 months ago

Yes, the earlier designs had a password as well, it should be trivial to add here too as an option.

1 replies ↓