pull down to refresh
51 sats \ 7 replies \ @tbk 5 Dec 2022 \ parent \ on: Lightning login app - good or bad idea? bitcoin
I appreciate the effort to spread knowledge of lnurl-auth, however, do you think there is a problem importing seeds into "random" apps?
A wise man once said we should not normalize making people type seeds (BIP39) into text boxes. And I wholeheartedly agree.
In https://lnpass.github.io (shameless self-promote, I am sorry) the secret is presented as bech32 encoded string. Would you think this is a good approach for you app as well?
Hmm I never really thought about that as a problem...
What kind of problems could it cause?
reply
the seed is meant to be stored in a safe place. preferably not on a device connected to the internet if on a device at all. Typing it into an app defeats it's purpose, no? I guess the problem it could cause is the seed can be spoofed and the funds sweeped from the source. This applies only to sources that have funds in the first place though, which is not needed for this app to work. So i guess a warning to the users might do the trick?
reply
@tbk:
A wise man once said we should not normalize making people type seeds (BIP39) into text boxes. And I wholeheartedly agree.
he seed is meant to be stored in a safe place. preferably not on a device connected to the internet if on a device at all. Typing it into an app defeats it's purpose, no?
Security through obscurity is not a solution
A private key is a private key, regardless of format, should be managed with caution.
I think that we should educate about that, otherwise the user will keep the seed on steel in the safe and then will share the bech32 private key thinking that a qrcode cannot harm.
The key point is evaluate the risks and decide if the specific private key can be imported in a hot wallet/service. And the value is not only economic: perhaps for example could be "safe" to share a hot wallet private key with few sats but not the one that manages my identity on a social network.
reply
Completely agree with what you are saying.
However, in this case, I think this is a UX issue, not a "security by obscurity" issue. One could argue that a mnemonic seed is also a different representation of a seed, just like the bech32 representation, would you agree?
reply
I absolutely agree.
For this exact reason (different representation of a seed) I think we cannot demonize the menmonic preferring other formats.
So I cannot understand why "the secret is presented as bech32 encoded string" should be a preferred solution against a mnemonic seed (aside from the fact that you share a single private key insterad a bip39 master key, but here we are talking about formats and UX, not keys tipology).
Perhaps I misunderstood something?
reply
These were exactly my thoughts before.
After some thinking I changed my views. Please, take no offense, it is totally okay to have a different opinion on this.
I just don't want to drift into a world where people not as educated as you put in their seed words just because a random app prompts them to.
Sure, all that's needed is a "little" education and healthy skepticism, but that's arguably very hard. Imho, it's better to try "avoiding" it in the first place.
Fun fact: It is in fact a bip32 master key. But you can only put funds on it if you know thy tools.
reply
Thank for your kindness :)
Fun fact: It is in fact a bip32 master key. But you can only put funds on it if you know thy tools.
You developed a tool and without any doubt have more experience in the field and thought a lot about the best approach, so I'm really interested in you opinion.
I played with https://lnpass.github.io, from the export function I grasped what you mean! You would like to create a "closed" login app where the bip32 master key is not so obvious, so it cannot be used as a standard wallet.
Fair, but I would prefer a more transparent approach where the user can easily export and migrate to to another LN wallet, for example.
reply