public inbox for bitcoindev@googlegroups.com
 help / color / mirror / Atom feed
From: Mike Hearn <mike@plan99.net>
To: Aaron Voisine <voisine@gmail.com>
Cc: "bitcoin-development@lists.sourceforge.net"
	<bitcoin-development@lists.sourceforge.net>
Subject: Re: [Bitcoin-development] Time
Date: Fri, 25 Jul 2014 12:26:11 +0200	[thread overview]
Message-ID: <CANEZrP0pMA=LB=Mi9xj9YbJ83=0r6Xa4_6Ua+wpAtsg5OdS7Kw@mail.gmail.com> (raw)
In-Reply-To: <CACq0ZD4nCJ+dzUG+KV+eCxE2My+T4Acr4qy-Y6A-dFvuRG=Eaw@mail.gmail.com>

[-- Attachment #1: Type: text/plain, Size: 2790 bytes --]

Given that the speed at which the block chain advances is kind of
unpredictable, I'd think it might be better to just record the time to disk
when a PIN attempt is made and if you observe time going backwards, refuse
to allow more attempts until it's advanced past the previous attempt.


On Fri, Jul 25, 2014 at 7:56 AM, Aaron Voisine <voisine@gmail.com> wrote:

> It's based on the block height, not the block's timestamp. If you have
> access to the device and the phone itself is not pin locked, then you
> can jailbreak it and get access to the wallet seed that way. A pin
> locked device however is reasonably secure as the filesystem is
> hardware aes encrypted to a combination of pin+uuid. This was just an
> easy way to prevent multiple pin guesses by changing system time in
> settings, so that isn't the weakest part of the security model.
>
> Aaron Voisine
> breadwallet.com
>
>
> On Thu, Jul 24, 2014 at 8:21 PM, William Yager <will.yager@gmail.com>
> wrote:
> > On Thu, Jul 24, 2014 at 10:39 PM, Gregory Maxwell <gmaxwell@gmail.com>
> > wrote:
> >>
> >>
> >> Is breadwallet tamper resistant & zero on tamper hardware? otherwise
> >> this sounds like security theater.... I attach a debugger to the
> >> process (or modify the program) and ignore the block sourced time.
> >>
> >
> > It's an iOS application. I would imagine it is substantially more
> difficult
> > to attach to a process (which, at the very least, requires root, and
> perhaps
> > other things on iOS) than to convince the device to change its system
> time.
> >
> > That said, the security benefits might not be too substantial.
> >
> >
> ------------------------------------------------------------------------------
> > Want fast and easy access to all the code in your enterprise? Index and
> > search up to 200,000 lines of code with a free copy of Black Duck
> > Code Sight - the same software that powers the world's largest code
> > search on Ohloh, the Black Duck Open Hub! Try it now.
> > http://p.sf.net/sfu/bds
> > _______________________________________________
> > Bitcoin-development mailing list
> > Bitcoin-development@lists.sourceforge.net
> > https://lists.sourceforge.net/lists/listinfo/bitcoin-development
> >
>
>
> ------------------------------------------------------------------------------
> Want fast and easy access to all the code in your enterprise? Index and
> search up to 200,000 lines of code with a free copy of Black Duck
> Code Sight - the same software that powers the world's largest code
> search on Ohloh, the Black Duck Open Hub! Try it now.
> http://p.sf.net/sfu/bds
> _______________________________________________
> Bitcoin-development mailing list
> Bitcoin-development@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/bitcoin-development
>

[-- Attachment #2: Type: text/html, Size: 4085 bytes --]

  reply	other threads:[~2014-07-25 10:26 UTC|newest]

Thread overview: 14+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2014-07-25  1:14 [Bitcoin-development] Time Ron OHara
2014-07-25  1:41 ` Jeff Garzik
2014-07-25  2:35 ` Aaron Voisine
2014-07-25  2:39   ` Gregory Maxwell
2014-07-25  3:21     ` William Yager
2014-07-25  5:56       ` Aaron Voisine
2014-07-25 10:26         ` Mike Hearn [this message]
2014-07-25 14:45           ` Aaron Voisine
2014-07-25 16:03             ` Mike Hearn
2014-07-25 16:22               ` Natanael
2014-07-25 18:14                 ` Aaron Voisine
2014-07-25 10:30 ` Mike Hearn
2014-07-27 22:22   ` Peter Todd
2014-07-28 17:33   ` Troy Benjegerdes

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to='CANEZrP0pMA=LB=Mi9xj9YbJ83=0r6Xa4_6Ua+wpAtsg5OdS7Kw@mail.gmail.com' \
    --to=mike@plan99.net \
    --cc=bitcoin-development@lists.sourceforge.net \
    --cc=voisine@gmail.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox