[ mslm dvlpmnt ] on Nostr: I compared a few key signers, did a little side-by-side on them. What really ...
I compared a few key signers, did a little side-by-side on them. What really surprised me is that some browser add-ons just store the user's nsec in plain text right in the browser's local storage, where it could be read by other add-ons!
No such problems with #NoorSigner, since it runs locally in the file system and talks to the #NoorNote client over Unix socket IPC. That said, it came out that NoorSigner was using the weaker XOR encryption instead of the more secure AES. And I fixed that up today, it'll be in the next release, insh'Allah.
Published at
2025-12-15 16:46:51 UTCEvent JSON
{
"id": "1ce5e3019ec3bb0998ad655c44873dff667a167b2407cdb4f41e7dece8b39c6c",
"pubkey": "b042e2f69d81182ae2346bed73a05cfb3f9eff04728fc7a55bef0f3d7793e9eb",
"created_at": 1765817211,
"kind": 1,
"tags": [
[
"client",
"NoorNote"
]
],
"content": "I compared a few key signers, did a little side-by-side on them. What really surprised me is that some browser add-ons just store the user's nsec in plain text right in the browser's local storage, where it could be read by other add-ons!\n\nNo such problems with #NoorSigner, since it runs locally in the file system and talks to the #NoorNote client over Unix socket IPC. That said, it came out that NoorSigner was using the weaker XOR encryption instead of the more secure AES. And I fixed that up today, it'll be in the next release, insh'Allah.\n\nhttps://image.nostr.build/f23d55868cf80d373c44f609fe2e4fddfb97215fb975ec8b694195e096c41fd0.png",
"sig": "30c76009486785969a8274d8d027a8942a090b89afd79c156f72a670f95b9336a021917d492c1dd8f351fe419a6cb869bd8ee70b034d81d77f2bbcb02d13c760"
}
