Thinking about email/password login further, here's a different approach:
Instead of encrypting at rest using a server key, what if the server never saw the key at all? Instead, the user would simply authenticate with the server, and retrieve an ncryptsec.
To avoid using the same password for the ncryptsec and the server authentication (since that would allow the server to decrypt the ncryptsec), the client could instead send the hash of the user's password to the server. (This would allow the user to avoid remembering two different passwords).
This would put key storage back on the client which comes with its own attendant risks, and benefits.
Is this better or worse than my other design?
nostr:nostr:nevent1qvzqqqqqqypzp978pfzrv6n9xhq5tvenl9e74pklmskh4xw6vxxyp3j8qkke3cezqyw8wumn8ghj76r0v3kxymmy9e3k7unpvdkx2tn5dahkcue0qy88wumn8ghj7mn0wvhxcmmv9uq32amnwvaz7tmjv4kxz7fwv3sk6atn9e5k7tcpzemhxue69uhkzat5dqhxummnw3erztnrdakj7qgnwaehxw309a3kcdpww3hxj7pwv3jhvtcqypavl24zxkmw0m8mateuucp763v4rlnmwewmysc33xx3qejhrv38xy3ndwu
hodlbod /
npub1jl…jynqn
2024-12-05 18:12:38 GMT
Author Public Key
npub1jlrs53pkdfjnts29kveljul2sm0actt6n8dxrrzqcersttvcuv3qdjynqnPublished at
2024-12-05 18:12:38 GMTEvent JSON
{
"id": "7d36309f6760446ce2dc5ddc3c07f7ed95344b24b1fac51f05f6dcb27963e7a8",
"pubkey": "97c70a44366a6535c145b333f973ea86dfdc2d7a99da618c40c64705ad98e322",
"created_at": 1733422358,
"kind": 1,
"tags": [
[
"q",
"7acfaaa235b6e7ecfbeaf3ce603ed45951fe7b765db24311898d1066571b2273",
"wss://hodlbod.coracle.tools/"
],
[
"client",
"Coracle",
"31990:97c70a44366a6535c145b333f973ea86dfdc2d7a99da618c40c64705ad98e322:1685968093690"
],
[
"p",
"97c70a44366a6535c145b333f973ea86dfdc2d7a99da618c40c64705ad98e322",
"wss://relay.damus.io/",
"hodlbod"
]
],
"content": "Thinking about email/password login further, here's a different approach:\n\nInstead of encrypting at rest using a server key, what if the server never saw the key at all? Instead, the user would simply authenticate with the server, and retrieve an ncryptsec.\n\nTo avoid using the same password for the ncryptsec and the server authentication (since that would allow the server to decrypt the ncryptsec), the client could instead send the hash of the user's password to the server. (This would allow the user to avoid remembering two different passwords).\n\nThis would put key storage back on the client which comes with its own attendant risks, and benefits.\n\nIs this better or worse than my other design?\n\nnostr:nostr:nevent1qvzqqqqqqypzp978pfzrv6n9xhq5tvenl9e74pklmskh4xw6vxxyp3j8qkke3cezqyw8wumn8ghj76r0v3kxymmy9e3k7unpvdkx2tn5dahkcue0qy88wumn8ghj7mn0wvhxcmmv9uq32amnwvaz7tmjv4kxz7fwv3sk6atn9e5k7tcpzemhxue69uhkzat5dqhxummnw3erztnrdakj7qgnwaehxw309a3kcdpww3hxj7pwv3jhvtcqypavl24zxkmw0m8mateuucp763v4rlnmwewmysc33xx3qejhrv38xy3ndwu",
"sig": "a919ec0ba3fac7e84833b8774bcd31468484cfbf783439ffcddfa294693b3cc9e7c1dbf50654b5a07ce8ef10189440719fe2985327627f54aff3cc5349072447"
}