[Bitcoin-development] Time

Fri Jul 25 16:03:26 UTC 2014

Sorry, you're right. I'd have hoped a delay that doubles on failure each
time up to some max would be good enough, relying on the p2p network to
unlock a PIN feels weird, but I can't really quantify why or what's wrong
with it so I guess it's just me :-)

On Fri, Jul 25, 2014 at 4:45 PM, Aaron Voisine <voisine at gmail.com> wrote:

> The problem is if someone moves system time forward between app launches.
> The lockout period doesn't have to be all that precise, it just makes you
> wait for the next block, then 5, then 25, and so on. Using a well
> known time server over https would also be a good option, but the wallet
> app already has the chain height anyway.
>
>
> On Friday, July 25, 2014, Mike Hearn <mike at plan99.net> wrote:
>
>> Given that the speed at which the block chain advances is kind of
>> unpredictable, I'd think it might be better to just record the time to disk
>> when a PIN attempt is made and if you observe time going backwards, refuse
>> to allow more attempts until it's advanced past the previous attempt.
>>
>>
>> On Fri, Jul 25, 2014 at 7:56 AM, Aaron Voisine <voisine at gmail.com> wrote:
>>
>>> It's based on the block height, not the block's timestamp. If you have
>>> access to the device and the phone itself is not pin locked, then you
>>> can jailbreak it and get access to the wallet seed that way. A pin
>>> locked device however is reasonably secure as the filesystem is
>>> hardware aes encrypted to a combination of pin+uuid. This was just an
>>> easy way to prevent multiple pin guesses by changing system time in
>>> settings, so that isn't the weakest part of the security model.
>>>
>>> Aaron Voisine
>>> breadwallet.com
>>>
>>>
>>> On Thu, Jul 24, 2014 at 8:21 PM, William Yager <will.yager at gmail.com>
>>> wrote:
>>> > On Thu, Jul 24, 2014 at 10:39 PM, Gregory Maxwell <gmaxwell at gmail.com>
>>> > wrote:
>>> >>
>>> >>
>>> >> Is breadwallet tamper resistant & zero on tamper hardware? otherwise
>>> >> this sounds like security theater.... I attach a debugger to the
>>> >> process (or modify the program) and ignore the block sourced time.
>>> >>
>>> >
>>> > It's an iOS application. I would imagine it is substantially more
>>> difficult
>>> > to attach to a process (which, at the very least, requires root, and
>>> perhaps
>>> > other things on iOS) than to convince the device to change its system
>>> time.
>>> >
>>> > That said, the security benefits might not be too substantial.
>>> >
>>> >
>>> ------------------------------------------------------------------------------
>>> > Want fast and easy access to all the code in your enterprise? Index and
>>> > search up to 200,000 lines of code with a free copy of Black Duck
>>> > Code Sight - the same software that powers the world's largest code
>>> > search on Ohloh, the Black Duck Open Hub! Try it now.
>>> > http://p.sf.net/sfu/bds
>>> > _______________________________________________
>>> > Bitcoin-development mailing list
>>> > Bitcoin-development at lists.sourceforge.net
>>> > https://lists.sourceforge.net/lists/listinfo/bitcoin-development
>>> >
>>>
>>>
>>> ------------------------------------------------------------------------------
>>> Want fast and easy access to all the code in your enterprise? Index and
>>> search up to 200,000 lines of code with a free copy of Black Duck
>>> Code Sight - the same software that powers the world's largest code
>>> search on Ohloh, the Black Duck Open Hub! Try it now.
>>> http://p.sf.net/sfu/bds
>>> _______________________________________________
>>> Bitcoin-development mailing list
>>> Bitcoin-development at lists.sourceforge.net
>>> https://lists.sourceforge.net/lists/listinfo/bitcoin-development
>>>
>>
>>
>
> --
>
> Aaron Voisine
> breadwallet.com
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20140725/ef54b1e1/attachment.html>