Author: Aaron Voisine 2014-07-25 14:45:40
Published on: 2014-07-25T14:45:40+00:00
The discussion revolves around the security of breadwallet, an iOS application. The concern raised is that if someone moves system time forward between app launches, it may compromise the security. Aaron Voisine, the creator of breadwallet, explains that the lockout period is based on block height rather than timestamp and pin-locked devices are secure as the filesystem is hardware AES encrypted to a combination of pin+uuid. However, Gregory Maxwell questions the tamper resistance of breadwallet and suggests that it could be compromised by attaching a debugger to the process or modifying the program. Mike Hearn proposes recording the time to disk when a PIN attempt is made and refusing to allow more attempts until time has advanced past the previous attempt if time goes backward. Aaron Voisine suggests using a well-known time server over https or utilizing the chain height already available in the wallet app to overcome the issue.
Updated on: 2023-06-09T01:29:39.354877+00:00