Open earonesty opened 1 year ago
If you present people with a username/password login they will assume there is a way to click on a "forgot password" button.
no reason that can't work. you can encrypt your key for a custodian if you want to (post it, custodian doesn't even have to be online... then later if you lose your pw, they can email you at the address in the encrypted post to verify).
seems like it would have to be optional though. not everyone wants poor security in exchange for safety. better to show bip39 "recovery" words to write down or print out.
example of a custodial recovery protocol on nostr:
custodial advertisement:
30666
[["url", "https://custody.me"], ["auth", "sms"], ["auth", "email"], ["otp", "otpauth://url"]]
custodial storage of something... custodian has access now. this can be a threshold key computed using a sorted set of custodians using lagrange interpolation with the hash(pubk) as the x axis values. choose 2 or more custodians, add more p tags, and specify the threshold M chosen (if you choose 5, and M is 3, then any 3 of 5, for example). must compute the threshold public key if M > 1.
30667
nip44encrypt(custodian-public-key, stringify({data: "some-data", name: [optional name that might help you remember what this is about], emails: [email-address-list], sms: [sms-list]}))
["d", "some-tag"], ["p", "custodian-public-key"], ["m", "1"]
custodial recovery ephemeral request (specify an email address, or sms number to recover with):
20668
nip44encrypt(custodian-public-key, stringify({email: [email-address], otp-code: <if needed>, pubkey: req-pub-key}))
tags: ["d", "some-tag"], ["p", "custodian-public-key"]
(custodian should remain online at all times, and respond quickly. old events should be ignored)
custodial recovery ephemeral response:
20669
nip44encrypt(custodian-public-key, decrypt(matching stored data. this can be a partial decryption))
["d", "some-tag"], ["p", ""]
custodian just computes the privk*epubk and hands it to the client if the email, sms, and otp worked. in the case of m==1 (or in sybil/coordinated attacks), the custodian could also, technically, access the data. otherwise, this is not possible
simplified username/password login for nostr:
create new username and password:
stretched-key = pbkdf2(c=100000, dklen=32, salt=username, data=password)
30669
event:aes(nostr-private-key, stretched-key)
hex(sha256(stretched-key))
login using username
30669
, "d",hex(sha256(stretched-key))
change/reset password:
or does this already exist somewhere?
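The username/password flow sketched in the issue, as an added Node.js example that is not part of the original post or of any nostr library. Assumptions: HMAC-SHA256 as the PBKDF2 PRF, AES-256-GCM with an `iv | tag | ciphertext` blob (the issue only says "aes"), 30669 read as the event kind, an in-memory array standing in for a relay query, and event signing omitted; all function names are hypothetical.

```javascript
const crypto = require('node:crypto');

// stretched-key = pbkdf2(c=100000, dklen=32, salt=username, data=password)
// PRF is not named in the issue; HMAC-SHA256 is assumed.
function stretchKey(username, password) {
  return crypto.pbkdf2Sync(password, username, 100000, 32, 'sha256');
}

// "d" tag value from the issue: hex(sha256(stretched-key))
function lookupTag(stretchedKey) {
  return crypto.createHash('sha256').update(stretchedKey).digest('hex');
}

// Create account: encrypt the nostr private key under the stretched key.
// GCM is an assumed mode; it lets login detect a blob a relay has modified.
function createLoginEvent(username, password, nostrPrivKeyHex) {
  const key = stretchKey(username, password);
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([
    cipher.update(Buffer.from(nostrPrivKeyHex, 'hex')),
    cipher.final(),
  ]);
  const blob = Buffer.concat([iv, cipher.getAuthTag(), ct]);
  return {
    kind: 30669,
    content: blob.toString('base64'),
    tags: [['d', lookupTag(key)]],
  };
}

// Login: re-derive the key, find the event by its "d" tag, decrypt.
// Returns null when nothing matches (unknown username or wrong password);
// throws when a matching event's ciphertext fails authentication.
function login(username, password, events) {
  const key = stretchKey(username, password);
  const tag = lookupTag(key);
  const ev = events.find((e) => e.kind === 30669 &&
    e.tags.some((t) => t[0] === 'd' && t[1] === tag));
  if (!ev) return null;
  const raw = Buffer.from(ev.content, 'base64');
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, raw.subarray(0, 12));
  decipher.setAuthTag(raw.subarray(12, 28));
  const pt = Buffer.concat([decipher.update(raw.subarray(28)), decipher.final()]);
  return pt.toString('hex');
}
```

Because the salt is the username and the `d` tag is a hash of the stretched key, both the lookup value and the ciphertext are only as strong as the password; the iteration count is the only cost imposed on offline guessing.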