A place for developers to talk about building on Farcaster.

/dev

What are the security differences between storing a seed phrase in the following ways:

- Locked note in iCloud
- Password-protected in Keychain like how Rainbow does it
- largeBlob with a passkey in iOS17+

I think I understand the UX implications of each, but curious about the technical side

I like baking /goodbread and building apps on web3 protocols. DevRel @ ENS Labs. gregskril.com

What’s not often discussed with largeBlob is that it gets exposed to the JS context of the requesting page, so malicious JS dependencies can steal the key material stored in largeBlob. This can be ok depending on the context, but it’s much weaker than Keychain storage imho.