Damus
tank
@tank

Building StashPay

Relays (13)
  • wss://offchain.pub – read & write
  • wss://eden.nostr.land – read & write
  • wss://nos.lol – read & write
  • wss://relay.snort.social – read & write
  • wss://relay.damus.io – read & write
  • wss://relay.mostr.pub – read & write
  • wss://nostr.bitcoiner.social – read & write
  • wss://nostr.wine – read & write
  • wss://nostr.land – read & write
  • wss://nostr.einundzwanzig.space – read & write
  • wss://nwc.primal.net/ayvjleilmx0al7j2pqt24qed1z7a8s – read & write
  • wss://relay.nos.social – read & write
  • wss://relay.primal.net – read & write

Recent Notes

tank profile picture
One option is to get a Thermomix and bake yourself. We bought one in October and it’s helping me learn to cook more healthily.
tank profile picture
Thanks Roy. Good discussion re PRF here everyone … I have a better understanding of the trade-offs of each design now. For Breez SDK the simplified design makes sense. Re import … I presume existing Liquid/Spark users could just derive a new wallet from the passkey and sweep funds from their old wallet with relatively low fees. Is this how existing Misty Breez users will be migrated?
tank profile picture
How does a user prevent sync of the passkey to his desktop? iCloud Keychain items are synced to all devices. Same with 1Password.
tank profile picture
Thanks for clarifying.

1-4: makes sense. The downside of relays is IP address (location) leakage to multiple untrusted servers if users are not using a VPN.

5: I agree for a wallet use case. But for nostr the user loses his social graph.

6: the UX cost is zero for icloud-key-value-store (users are generally logged into their Apple ID on iOS). On Android there is a UX cost. The main upside I see is 2FA though. Compromise of a passkey is not unlikely on a desktop computer due to higher malware risk. Users could recover their wallet only on mobile devices. A user using YubiKeys to secure their Apple/Google account would be resistant to an adversary that has compromised their laptop.
tank profile picture
If the digital euro would simply be a Cashu mint that users could connect any Cashu wallet to, it might be interesting (at least until the euro hyperinflates due to Europe’s unsustainable social security and demographics). That would at least provide protection against censorship of individual users. But the ECB would never allow a truly private and open digital cash system.
tank profile picture
We’ve seen relays nuke their databases regularly, which means users would ultimately rely on the Breez relay to store their salt. As a user I personally prefer iCloud to store my data long-term independent of a wallet vendor. But it is a matter of taste.

CSPP derives a master encryption key independent of the passkey to encrypt the nsec and stores the ciphertext beside the salt in iCloud. Without it users would need to rotate their nsec when they rotate their passkey. I believe this is an important feature for the management of long-term user keys.

But PRF will be used in many different ways by different vendors. So I don’t expect convergence on one standard.
tank profile picture
Breez’s spec is interesting if the user trusts his nostr relays to store the salt for PRF. Without the salt the user loses his nsec. This is why I would propose to back up the salt along with the encrypted key material in iCloud/GDrive (see CSPP spec). This way the nostr user’s nsec could also be re-encrypted if the passkey needs to be rotated due to device compromise etc.