Author: Aaron Voisine 2014-07-25 18:14:41
Published on: 2014-07-25T18:14:41+00:00
The discussion revolves around the security of breadwallet app. One user suggests that interactive algorithms require some machine to hold a secret state, which is not available here. The certainty of having the right blockchain is a statistical one over longer periods of time, which is not enough for a PIN you want verified right now. Aaron Voisine, the developer of the app, explains that the wallet uses the highest estimated block height from connected peers if it is not up to date, but that could be gamed by controlling the network. The app has blockchain checkpoints in it, so you couldn't truncate the chain starting point below that. If someone moves system time forward between app launches, the lockout period just makes you wait for the next block, then 5, then 25, and so on. The worst case scenario is that you get four to five extra guesses, but as Aaron mentioned, it'd be easier to just jailbreak the phone if the phone itself isn't using a system-wide pin lock. A pin-locked device, however, is reasonably secure as the filesystem is hardware AES encrypted to a combination of pin+uuid. This was just an easy way to prevent multiple pin guesses by changing system time in settings, so that isn't the weakest part of the security model. Gregory Maxwell asks whether breadwallet is tamper-resistant & zero on tamper hardware, otherwise this sounds like security theater.... I attach a debugger to the process (or modify the program) and ignore the block-sourced time. William Yager responds that it's an iOS application, which is substantially more difficult to attach to a process than to convince the device to change its system time.
Updated on: 2023-06-09T01:29:57.617693+00:00