Published on: 2014-07-28T17:33:30+00:00
In a discussion on Bitcoin's blockchain technology, concerns are raised about the security of breadwallet, an iOS application for Bitcoin storage. The use of a PIN lock as a security measure is questioned, and various suggestions are made to improve it. One suggestion is to record the time of each failed PIN attempt and not allow further attempts until time has advanced past the previous attempt. Another suggestion is to use the block height instead of the timestamp for determining the delay. The security benefits of breadwallet being tamper-resistant and zero-on-tamper hardware are also questioned, with suggestions of attaching a debugger or modifying the program to ignore the block-sourced time. However, it is noted that attaching to a process on an iOS device is more difficult than changing the system time. The overall security of breadwallet is debated, with some participants expressing doubts.The conversation also touches on the use of the blockchain as a reliable time source. It is mentioned that miners have previously manipulated the timestamp to increase their gigahashes. Concerns are raised about the possibility of an application being given a fake blockchain and getting stuck in the past forever. It is suggested to use at least three block chains to obtain reliable time sources and ensure they all agree within an hour. It is also mentioned that apps can currently obtain Bitcoin-level trusted time by polling independent servers. The advantages of using the blockchain as an approximate time source are discussed, including worldwide consensus without direct trust of any player.Overall, the discussion highlights the challenges and considerations involved in designing secure PIN verification systems and utilizing the blockchain as a time source. The security of breadwallet and the potential vulnerabilities it may have are examined, while different approaches and suggestions are presented to enhance its security.
Updated on: 2023-08-01T09:56:09.500369+00:00