From: Aaron Voisine <voisine@gmail.com>
To: Ron OHara <ron.ohara54@gmail.com>
Cc: "bitcoin-development@lists.sourceforge.net"
<bitcoin-development@lists.sourceforge.net>
Subject: Re: [Bitcoin-development] Time
Date: Thu, 24 Jul 2014 19:35:46 -0700 [thread overview]
Message-ID: <CACq0ZD56NuADphK-28zxR=dAPnZOPY4C0GO=zLdOhVxBpRKwoA@mail.gmail.com> (raw)
In-Reply-To: <53D1AF6C.7010802@gmail.com>
[-- Attachment #1: Type: text/plain, Size: 3304 bytes --]
The upcoming release of breadwallet uses the height of the blockchain to
enforce timed pin code lockouts for preventing an attacker from
quickly making multiple pin guesses. This prevents them changing the
devices system time to get around the lockout period.
Aaron
On Thursday, July 24, 2014, Ron OHara <ron.ohara54@gmail.com> wrote:
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> I thought I should shortcut my research by asking a direct question here.
>
> As I understand it, the blockchain actually provides an extra piece of
> reliable data that is not being exploited by applications.
>
> Which data? The time. In this case 'the time' as agreed by >50% of
> the participants, where those participants have a strong financial
> incentive to keep that 'time' fairly accurate. (+/- about 10 minutes)
>
> Is this a reasonable understanding of 'time'? ... aka timestamps on the
> block
>
> Ok... 'time' on the blockchain could be 'gamed' ... but with great
> difficulty. An application presented with a fake blockchain can use
> quite a few heuristics to test the 'validity' of the block chain.
> It can review the usual cryptographic proofs, and check that difficulty
> is growing/declining only in a realistic manner up to the most recent
> block. Even use some arbitrary test like difficulty > 10,000,000,000
> ... on the presumption that any less means that the Bitcoin system has
> failed massively from where it currently is and has become an unreliable
> time source.
>
> Reliable 'time' has been impossible up until now - because you need to
> trust the time source, and that can always be faked. Using the
> blockchain as an approximate time source gives you a world wide
> consensus without direct trust of any player.
>
> So if this presumption is correct, then we can now build time capsule
> applications that can not be tricked into exposing their contents too
> early by running them in a virtual environment with the wrong system time.
>
> Is this right? or did miss I something fundamental?
>
> Ron
>
> - --
> public identify: https://www.onename.io/ron_ohara
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v2.0.20 (GNU/Linux)
> Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
>
> iQEcBAEBAgAGBQJT0a9sAAoJEAla1VT1+xc2ONQH/0R09guSNNCxP36KziAjfcBc
> JEhxMpIlqTTYEvNXaBmuPy4BN+IZQ9izgrW/cvlEJJNMmc5/VIBk83WZltmDwcKl
> oo4MIdmp6vz984GWToyyLcLSEDT60UE9Hhe+U9RyF5J9kwbN8Uy4ozUHhFVP/0EL
> q4O1V6ggPbHWgH4q8m8E9qWOlIFXCDgCjxpL8Ptxsk+UlBq2NWMiwTz6Tbc9KOB4
> hOffzXCZV+DkwjFZD2Rc4rHaxw1yLuYr7DzmzwZbhRQclv9tZt9hoVaAT+RQpE1k
> X7pi+zVzeMMng0bzUv8t/G+gq0gaelyV41MJQRparEXhnuYkgU7rAPKIQEG8qpc=
> =T5fw
> -----END PGP SIGNATURE-----
>
>
>
> ------------------------------------------------------------------------------
> Want fast and easy access to all the code in your enterprise? Index and
> search up to 200,000 lines of code with a free copy of Black Duck
> Code Sight - the same software that powers the world's largest code
> search on Ohloh, the Black Duck Open Hub! Try it now.
> http://p.sf.net/sfu/bds
> _______________________________________________
> Bitcoin-development mailing list
> Bitcoin-development@lists.sourceforge.net <javascript:;>
> https://lists.sourceforge.net/lists/listinfo/bitcoin-development
>
--
Aaron Voisine
breadwallet.com
[-- Attachment #2: Type: text/html, Size: 4235 bytes --]
next prev parent reply other threads:[~2014-07-25 2:35 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-07-25 1:14 [Bitcoin-development] Time Ron OHara
2014-07-25 1:41 ` Jeff Garzik
2014-07-25 2:35 ` Aaron Voisine [this message]
2014-07-25 2:39 ` Gregory Maxwell
2014-07-25 3:21 ` William Yager
2014-07-25 5:56 ` Aaron Voisine
2014-07-25 10:26 ` Mike Hearn
2014-07-25 14:45 ` Aaron Voisine
2014-07-25 16:03 ` Mike Hearn
2014-07-25 16:22 ` Natanael
2014-07-25 18:14 ` Aaron Voisine
2014-07-25 10:30 ` Mike Hearn
2014-07-27 22:22 ` Peter Todd
2014-07-28 17:33 ` Troy Benjegerdes
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CACq0ZD56NuADphK-28zxR=dAPnZOPY4C0GO=zLdOhVxBpRKwoA@mail.gmail.com' \
--to=voisine@gmail.com \
--cc=bitcoin-development@lists.sourceforge.net \
--cc=ron.ohara54@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox