Pin encrypt secrets #633
Reference: Kieran/snort#633
No description provided.
Use PBKDF2 to encrypt nsec / wallet details in session
Wait, what? "Pin" sounds like something that's trivial to brute-force and if you mean "passphrase", ... I'm curious to know what you are working on here but I'm too paranoid to consider exposing nsecs to nostr clients a good idea anyway, so I'd prefer the removal of nsec handling over some pin/passphrase protection that any browser extension can work around by reading the nsec once the user provided the pin.
Yes, a pin, 4 or more digits, then using Scrypt to generate a key and encrypting with xchacha20+hmac-sha256
It offers some protection, which is better than nothing
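
The trade-off debated in this thread, as an added example that is not part of the thread or the snort code: a PIN-derived scrypt key checked through an HMAC-SHA256 tag, and the worst-case time to exhaust an N-digit PIN space at a given per-guess cost. It uses Node's built-in `crypto`; the scrypt parameters, function names and sample record are assumptions, and constructed bytes stand in for the xchacha20 ciphertext.

```javascript
// Added example, not code from the snort repository.
const { scryptSync, createHmac, randomBytes, timingSafeEqual } = require("node:crypto");

// Assumed scrypt cost parameters; the thread does not state the ones used.
const SCRYPT = { N: 2 ** 14, r: 8, p: 1 };

// Derive a 32-byte key from the PIN and a per-secret salt.
function deriveKey(pin, salt) {
  return scryptSync(pin, salt, 32, SCRYPT);
}

// Encrypt-then-MAC tag: HMAC-SHA256 over the stored ciphertext bytes.
function macTag(key, ciphertext) {
  return createHmac("sha256", key).update(ciphertext).digest();
}

// True only when the PIN reproduces the stored tag (constant-time compare).
// The same check lets anyone holding the record test a PIN offline, so the
// protection is bounded by keyspace size times KDF cost.
function pinUnlocks(pin, record) {
  const tag = macTag(deriveKey(pin, record.salt), record.ciphertext);
  return timingSafeEqual(tag, record.tag);
}

// Number of candidate PINs of exactly `digits` decimal digits.
function keyspace(digits) {
  return 10 ** digits;
}

// Worst-case seconds to try every PIN at a given per-guess cost.
function worstCaseSeconds(digits, secondsPerGuess) {
  return keyspace(digits) * secondsPerGuess;
}

// Measure one scrypt derivation on this machine, in seconds.
function measureSecondsPerGuess() {
  const salt = randomBytes(16);
  const start = process.hrtime.bigint();
  deriveKey("0000", salt);
  return Number(process.hrtime.bigint() - start) / 1e9;
}

// Constructed sample record; the ciphertext bytes are a placeholder.
function sampleRecord(pin) {
  const salt = Buffer.from("constructed-salt");
  const ciphertext = Buffer.from("constructed ciphertext bytes");
  return { salt, ciphertext, tag: macTag(deriveKey(pin, salt), ciphertext) };
}
```

Calling `worstCaseSeconds(d, measureSecondsPerGuess())` for several values of `d` shows how each added digit multiplies the exhaustive-search bound by ten on the local machine.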