hodlbod on Nostr: Implementing an email-based recovery flow right now, and it's incredibly prone to ...
Implementing an email-based recovery flow right now, and it's incredibly prone to very bad security-related errors. Nostr makes everything so easy, the threat model is incredibly simple when the user holds their key. Having keys even makes email based recovery more secure, because I can use them to guarantee that the person who initiates the recovery process is the one who completes it, completely eliminating a whole class of MITM attacks.
Published at 2025-12-16 18:19:26 UTC
Event JSON
{
"id": "4acd37aec9fca8bc6d5937f1c7a5b32fd828b9f487e8d19ddefa39fd9de66768",
"pubkey": "97c70a44366a6535c145b333f973ea86dfdc2d7a99da618c40c64705ad98e322",
"created_at": 1765909166,
"kind": 1,
"tags": [],
"content": "Implementing an email-based recovery flow right now, and it's incredibly prone to very bad security-related errors. Nostr makes everything so easy, the threat model is incredibly simple when the user holds their key. Having keys even makes email based recovery more secure, because I can use them to guarantee that the person who initiates the recovery process is the one who completes it, completely eliminating a whole class of MITM attacks.",
"sig": "e54ed2904bc17935ff4d61cf6bc7df94e28ae166d0a791cc0a60328816ca1af4c10642b0204cfcbfc0f0af551badc6db85f3aa91c259833c42df61afffe8d36e"
}
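
One way the binding described in the post could be built, as an added example that is not hodlbod's code: the server records the public key presented when recovery starts and only completes when the emailed token comes back with a signature from that key. Ed25519 from `node:crypto` stands in for Nostr's secp256k1 Schnorr keys, and the function names, in-memory store and message format are all assumptions.

```javascript
// Added example. Ed25519 is a stand-in for Nostr's Schnorr keys; every name
// here (startRecovery, completeRecovery, signChallenge) is hypothetical.
const nodeCrypto = require("node:crypto");

const TTL_MS = 15 * 60 * 1000;
const pending = new Map(); // sha256(token) -> { email, pubkey, expires }

// Store only a hash of the token so a leaked table does not leak live tokens.
const digest = (token) =>
  nodeCrypto.createHash("sha256").update(token).digest("hex");

// Domain-separated message so the signature is useless in any other context.
const challenge = (token, email) =>
  Buffer.from(`recovery-complete:${email}:${token}`);

// Step 1: the initiator submits an email address and a public key it holds.
// The returned token is what would be sent to that mailbox.
function startRecovery(email, pubkey, now = Date.now()) {
  const token = nodeCrypto.randomBytes(32).toString("hex");
  pending.set(digest(token), { email, pubkey, expires: now + TTL_MS });
  return token;
}

// Step 2: the emailed token alone is not enough. The caller must also sign
// the challenge with the private key matching the pubkey seen in step 1.
function completeRecovery(token, signature, now = Date.now()) {
  const key = digest(token);
  const entry = pending.get(key);
  if (!entry) return { ok: false, reason: "unknown-token" };
  if (now > entry.expires) {
    pending.delete(key);
    return { ok: false, reason: "expired" };
  }
  const valid = nodeCrypto.verify(
    null, challenge(token, entry.email), entry.pubkey, signature);
  // A bad signature leaves the entry in place so the real initiator can finish.
  if (!valid) return { ok: false, reason: "bad-signature" };
  pending.delete(key); // single use
  return { ok: true, email: entry.email };
}

// Client side: sign the challenge with the initiator's private key.
const signChallenge = (token, email, privateKey) =>
  nodeCrypto.sign(null, challenge(token, email), privateKey);
```

Someone who reads the recovery email but did not start the flow holds the token without the private key, so `completeRecovery` rejects them with `bad-signature`.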