The upcoming release of breadwallet uses the height of the blockchain to enforce timed pin code lockouts for preventing an attacker from quickly making multiple pin guesses. This prevents them changing the devices system time to get around the lockout period.

Aaron

On Thursday, July 24, 2014, Ron OHara <ron.ohara54@gmail.com> wrote:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I thought I should shortcut my research by asking a direct question here.

As I understand it, the blockchain actually provides an extra piece of
reliable data that is not being exploited by applications.

Which data?  The time.   In this case 'the time' as agreed by >50% of
the participants, where those participants have a strong financial
incentive to keep that 'time' fairly accurate. (+/- about 10 minutes)

Is this a reasonable understanding of 'time'? ... aka timestamps on the
block

Ok... 'time' on the blockchain could be 'gamed' ... but with great
difficulty. An application presented with a fake blockchain can use
quite a few heuristics to test the 'validity' of the block chain.
It can review the usual cryptographic proofs, and check that difficulty
is growing/declining only in a realistic manner up to the most recent
block. Even use some arbitrary test like difficulty > 10,000,000,000
... on the presumption that any less means that the Bitcoin system has
failed massively from where it currently is and has become an unreliable
time source.

Reliable 'time' has been impossible up until now - because you need to
trust the time source, and that can always be faked.  Using the
blockchain as an approximate time source gives you a world wide
consensus without direct trust of any player.

So if this presumption is correct, then we can now build time capsule
applications that can not be tricked into exposing their contents too
early by running them in a virtual environment with the wrong system time.

Is this right? or did miss I something fundamental?

Ron

- --
public identify: https://www.onename.io/ron_ohara
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.20 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQEcBAEBAgAGBQJT0a9sAAoJEAla1VT1+xc2ONQH/0R09guSNNCxP36KziAjfcBc
JEhxMpIlqTTYEvNXaBmuPy4BN+IZQ9izgrW/cvlEJJNMmc5/VIBk83WZltmDwcKl
oo4MIdmp6vz984GWToyyLcLSEDT60UE9Hhe+U9RyF5J9kwbN8Uy4ozUHhFVP/0EL
q4O1V6ggPbHWgH4q8m8E9qWOlIFXCDgCjxpL8Ptxsk+UlBq2NWMiwTz6Tbc9KOB4
hOffzXCZV+DkwjFZD2Rc4rHaxw1yLuYr7DzmzwZbhRQclv9tZt9hoVaAT+RQpE1k
X7pi+zVzeMMng0bzUv8t/G+gq0gaelyV41MJQRparEXhnuYkgU7rAPKIQEG8qpc=
=T5fw
-----END PGP SIGNATURE-----


------------------------------------------------------------------------------
Want fast and easy access to all the code in your enterprise? Index and
search up to 200,000 lines of code with a free copy of Black Duck
Code Sight - the same software that powers the world's largest code
search on Ohloh, the Black Duck Open Hub! Try it now.
http://p.sf.net/sfu/bds
_______________________________________________
Bitcoin-development mailing list
Bitcoin-development@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bitcoin-development


--

Aaron Voisine
breadwallet.com