If I can view my keys in the web app it means they are stored somewhere. Where? And can they be viewed by the team?
Here’s the short simplified non-technical explanation:
With MPC, 2 signatures are required to compute and display your private key: Nash holds one, you hold the other.
As a result, Nash allows you to display it, but never has access to it.
Check this blog post for more details: The safest software wallet for crypto
So the keys are encrypted on the Nash servers right?
I will not cover the technical or security aspects. All I can tell you is that Nash takes security very seriously and has been - and continues to be - audited regularly.
Is it because Nash is striving to be a place for everyone, and when adding complexity, it mostly confuses/scares people?
Because I am not a cryptography or security expert, so I wouldn’t want to say misleading or incorrect things.
"2. The user’s login information (email and password) is hashed in the browser and two key pairs are derived, one for authentication (normal login) and one for encryption/decryption. The encryption/decryption keys are never sent to Nash but are rederived locally whenever a user logs in – meaning Nash can never decrypt the user’s private wallet information. The authentication key is used to authenticate user login with the Nash server, just like a normal password exchange on a typical website."
Quoted from The safest software wallet for crypto
Nash uses the derived keys in the browser to encrypt user info and send it to the Nash server encrypted.
Nash can’t decrypt this info without the key, which is derived from the user password.
Every time you log in, the browser retrieves a gibberish string that only you can decrypt.
When you change password, the plain info from the browser is encrypted again with the new derived key and sent again to Nash.
Note: the plain password used to derive the keys is not saved by Nash either.
I hope this is clear; otherwise, just trust the cryptographic wizards at Nash.
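The flow described in the quoted passage and the reply above, as an added example that is not part of the thread and is not Nash's code: login credentials yield two separate keys, only the authentication value and the ciphertext reach the server, and a password change re-encrypts locally. It assumes symmetric keys where the blog post speaks of key pairs, and scrypt, HMAC labels, AES-256-GCM and all names are illustrative choices, with Node's crypto module standing in for the browser.

```javascript
// Added example: Node's crypto module stands in for the browser's crypto API.
const nodeCrypto = typeof require === 'function'
  ? require('node:crypto')
  : process.getBuiltinModule('node:crypto'); // same module when run as ESM

// Derive two independent keys from the login. scrypt, the email-based salt and
// the labels are assumptions for illustration, not Nash's actual parameters.
function deriveKeys(email, password) {
  const salt = nodeCrypto.createHash('sha256').update(email.toLowerCase()).digest();
  const master = nodeCrypto.scryptSync(password, salt, 32);
  const sub = (label) => nodeCrypto.createHmac('sha256', master).update(label).digest();
  return { authKey: sub('auth'), encKey: sub('encryption') };
}

// AES-256-GCM: the server stores iv + tag + ciphertext and cannot read it.
function encryptBlob(encKey, plaintext) {
  const iv = nodeCrypto.randomBytes(12);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', encKey, iv);
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return Buffer.concat([iv, cipher.getAuthTag(), ct]).toString('base64');
}

function decryptBlob(encKey, blob) {
  const raw = Buffer.from(blob, 'base64');
  const d = nodeCrypto.createDecipheriv('aes-256-gcm', encKey, raw.subarray(0, 12));
  d.setAuthTag(raw.subarray(12, 28));
  return Buffer.concat([d.update(raw.subarray(28)), d.final()]).toString('utf8');
}

// Password change: decrypt locally with the old key, re-encrypt with the new one.
function changePassword(email, oldPassword, newPassword, blob) {
  const plain = decryptBlob(deriveKeys(email, oldPassword).encKey, blob);
  const next = deriveKeys(email, newPassword);
  return { authKey: next.authKey, blob: encryptBlob(next.encKey, plain) };
}

const EMAIL = 'alice@example.com';        // constructed sample values
const SECRET = 'constructed-wallet-secret';
function demo() {
  const keys = deriveKeys(EMAIL, 'old passphrase');
  // Everything the server ever holds: the auth value and the opaque blob.
  const server = { auth: keys.authKey.toString('hex'), blob: encryptBlob(keys.encKey, SECRET) };
  let serverCanRead = true; // GCM tag check fails when the auth key is tried
  try { decryptBlob(keys.authKey, server.blob); } catch { serverCanRead = false; }
  const rotated = changePassword(EMAIL, 'old passphrase', 'new passphrase', server.blob);
  const newKey = deriveKeys(EMAIL, 'new passphrase').encKey;
  return { serverCanRead, afterLogin: decryptBlob(keys.encKey, server.blob),
           afterChange: decryptBlob(newKey, rotated.blob) };
}
```

The security of this arrangement rests on the password: anyone holding the stored blob can test password guesses offline, which is why the derivation step uses a deliberately slow function.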