Given that the speed at which the block chain advances is kind of unpredictable, I'd think it might be better to just record the time to disk when a PIN attempt is made and if you observe time going backwards, refuse to allow more attempts until it's advanced past the previous attempt. On Fri, Jul 25, 2014 at 7:56 AM, Aaron Voisine wrote: > It's based on the block height, not the block's timestamp. If you have > access to the device and the phone itself is not pin locked, then you > can jailbreak it and get access to the wallet seed that way. A pin > locked device however is reasonably secure as the filesystem is > hardware aes encrypted to a combination of pin+uuid. This was just an > easy way to prevent multiple pin guesses by changing system time in > settings, so that isn't the weakest part of the security model. > > Aaron Voisine > breadwallet.com > > > On Thu, Jul 24, 2014 at 8:21 PM, William Yager > wrote: > > On Thu, Jul 24, 2014 at 10:39 PM, Gregory Maxwell > > wrote: > >> > >> > >> Is breadwallet tamper resistant & zero on tamper hardware? otherwise > >> this sounds like security theater.... I attach a debugger to the > >> process (or modify the program) and ignore the block sourced time. > >> > > > > It's an iOS application. I would imagine it is substantially more > difficult > > to attach to a process (which, at the very least, requires root, and > perhaps > > other things on iOS) than to convince the device to change its system > time. > > > > That said, the security benefits might not be too substantial. > > > > > ------------------------------------------------------------------------------ > > Want fast and easy access to all the code in your enterprise? Index and > > search up to 200,000 lines of code with a free copy of Black Duck > > Code Sight - the same software that powers the world's largest code > > search on Ohloh, the Black Duck Open Hub! Try it now. > > http://p.sf.net/sfu/bds > > _______________________________________________ > > Bitcoin-development mailing list > > Bitcoin-development@lists.sourceforge.net > > https://lists.sourceforge.net/lists/listinfo/bitcoin-development > > > > > ------------------------------------------------------------------------------ > Want fast and easy access to all the code in your enterprise? Index and > search up to 200,000 lines of code with a free copy of Black Duck > Code Sight - the same software that powers the world's largest code > search on Ohloh, the Black Duck Open Hub! Try it now. > http://p.sf.net/sfu/bds > _______________________________________________ > Bitcoin-development mailing list > Bitcoin-development@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/bitcoin-development >