Sorry, you're right. I'd have hoped a delay that doubles on failure each time up to some max would be good enough, relying on the p2p network to unlock a PIN feels weird, but I can't really quantify why or what's wrong with it so I guess it's just me :-)

On Fri, Jul 25, 2014 at 4:45 PM, Aaron Voisine wrote:

> The problem is if someone moves system time forward between app launches.
> The lockout period doesn't have to be all that precise, it just makes you
> wait for the next block, then 5, then 25, and so on. Using a well
> known time server over https would also be a good option, but the wallet
> app already has the chain height anyway.
>
> On Friday, July 25, 2014, Mike Hearn wrote:
>
>> Given that the speed at which the block chain advances is kind of
>> unpredictable, I'd think it might be better to just record the time to disk
>> when a PIN attempt is made and if you observe time going backwards, refuse
>> to allow more attempts until it's advanced past the previous attempt.
>>
>> On Fri, Jul 25, 2014 at 7:56 AM, Aaron Voisine wrote:
>>
>>> It's based on the block height, not the block's timestamp. If you have
>>> access to the device and the phone itself is not pin locked, then you
>>> can jailbreak it and get access to the wallet seed that way. A pin
>>> locked device however is reasonably secure as the filesystem is
>>> hardware aes encrypted to a combination of pin+uuid. This was just an
>>> easy way to prevent multiple pin guesses by changing system time in
>>> settings, so that isn't the weakest part of the security model.
>>>
>>> Aaron Voisine
>>> breadwallet.com
>>>
>>> On Thu, Jul 24, 2014 at 8:21 PM, William Yager wrote:
>>> > On Thu, Jul 24, 2014 at 10:39 PM, Gregory Maxwell wrote:
>>> >>
>>> >> Is breadwallet tamper resistant & zero on tamper hardware? otherwise
>>> >> this sounds like security theater.... I attach a debugger to the
>>> >> process (or modify the program) and ignore the block sourced time.
>>> >
>>> > It's an iOS application. I would imagine it is substantially more difficult
>>> > to attach to a process (which, at the very least, requires root, and perhaps
>>> > other things on iOS) than to convince the device to change its system time.
>>> >
>>> > That said, the security benefits might not be too substantial.
>>> >
>>> > _______________________________________________
>>> > Bitcoin-development mailing list
>>> > Bitcoin-development@lists.sourceforge.net
>>> > https://lists.sourceforge.net/lists/listinfo/bitcoin-development
>
> --
> Aaron Voisine
> breadwallet.com
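
The two lockout schemes discussed in this thread, side by side, as an added example that is not part of the original e-mails and is not breadwallet's code. All names are hypothetical; the schedule of 5^(n-1) blocks starting at the first wrong PIN, the 60-second base delay and the one-day cap are assumptions chosen to match "next block, then 5, then 25" and "doubles on failure each time up to some max".

```python
from dataclasses import dataclass

@dataclass
class PinLockout:
    """State that would be persisted between app launches (hypothetical)."""
    failures: int = 0        # consecutive wrong PIN attempts
    fail_height: int = 0     # chain height observed at the last wrong PIN
    fail_time: float = 0.0   # system clock reading at the last wrong PIN

def blocks_required(failures: int) -> int:
    # Assumed schedule: 1 block after the first failure, then 5, 25, ...
    return 0 if failures == 0 else 5 ** (failures - 1)

def record_failure(state: PinLockout, height: int, now: float) -> None:
    state.failures += 1
    # Never let a stale or rewound reading lower the stored reference point.
    state.fail_height = max(state.fail_height, height)
    state.fail_time = max(state.fail_time, now)

def height_unlocked(state: PinLockout, height: int) -> bool:
    """Block-height scheme: ignores the system clock entirely."""
    return height >= state.fail_height + blocks_required(state.failures)

def clock_unlocked(state: PinLockout, now: float,
                   base: float = 60.0, cap: float = 86400.0) -> bool:
    """Clock scheme: doubling delay, refusing while time appears rewound."""
    if state.failures == 0:
        return True
    if now < state.fail_time:          # time went backwards: refuse
        return False
    delay = min(base * 2 ** (state.failures - 1), cap)
    return now >= state.fail_time + delay

def demo() -> dict:
    # Constructed scenario: three wrong PINs at height 100, clock at t=1000.
    s = PinLockout()
    for _ in range(3):
        record_failure(s, height=100, now=1000.0)
    return {
        "clock_rewound": clock_unlocked(s, now=500.0),
        # System time pushed far forward between launches, chain unchanged:
        "clock_forward": clock_unlocked(s, now=1000.0 + 10**6),
        "height_same_chain": height_unlocked(s, height=100),
        "height_after_25": height_unlocked(s, height=125),
    }

if __name__ == "__main__":
    print(demo())
```

The rewind check catches a clock set backwards, but a clock set forward satisfies the delay immediately, while the height check stays locked until 25 more blocks have been seen.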