Received: from sog-mx-2.v43.ch3.sourceforge.com ([172.29.43.192] helo=mx.sourceforge.net) by sfs-ml-2.v29.ch3.sourceforge.com with esmtp (Exim 4.76) (envelope-from ) id 1XAW4I-00010G-WA for bitcoin-development@lists.sourceforge.net; Fri, 25 Jul 2014 03:21:15 +0000 Received-SPF: pass (sog-mx-2.v43.ch3.sourceforge.com: domain of gmail.com designates 209.85.192.49 as permitted sender) client-ip=209.85.192.49; envelope-from=will.yager@gmail.com; helo=mail-qg0-f49.google.com; Received: from mail-qg0-f49.google.com ([209.85.192.49]) by sog-mx-2.v43.ch3.sourceforge.com with esmtps (TLSv1:RC4-SHA:128) (Exim 4.76) id 1XAW4I-0001WJ-7f for bitcoin-development@lists.sourceforge.net; Fri, 25 Jul 2014 03:21:14 +0000 Received: by mail-qg0-f49.google.com with SMTP id j107so4457274qga.36 for ; Thu, 24 Jul 2014 20:21:08 -0700 (PDT) MIME-Version: 1.0 X-Received: by 10.224.55.202 with SMTP id v10mr22867288qag.10.1406258468719; Thu, 24 Jul 2014 20:21:08 -0700 (PDT) Received: by 10.140.30.198 with HTTP; Thu, 24 Jul 2014 20:21:08 -0700 (PDT) In-Reply-To: References: <53D1AF6C.7010802@gmail.com>

Date: Thu, 24 Jul 2014 23:21:08 -0400 Message-ID: From: William Yager Cc: "bitcoin-development@lists.sourceforge.net" Content-Type: multipart/alternative; boundary=001a11c3029a7d91c104fefc10bf X-Spam-Score: 0.6 (/) X-Spam-Report: Spam Filtering performed by mx.sourceforge.net. See http://spamassassin.org/tag/ for more details. -1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for sender-domain 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider (will.yager[at]gmail.com) -0.0 SPF_PASS SPF: sender matches SPF record 1.2 MISSING_HEADERS Missing To: header 1.0 HTML_MESSAGE BODY: HTML included in message -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature X-Headers-End: 1XAW4I-0001WJ-7f Subject: Re: [Bitcoin-development] Time X-BeenThere: bitcoin-development@lists.sourceforge.net X-Mailman-Version: 2.1.9 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 25 Jul 2014 03:21:15 -0000 --001a11c3029a7d91c104fefc10bf Content-Type: text/plain; charset=UTF-8 On Thu, Jul 24, 2014 at 10:39 PM, Gregory Maxwell wrote: > > Is breadwallet tamper resistant & zero on tamper hardware? otherwise > this sounds like security theater.... I attach a debugger to the > process (or modify the program) and ignore the block sourced time. > > It's an iOS application. I would imagine it is substantially more difficult to attach to a process (which, at the very least, requires root, and perhaps other things on iOS) than to convince the device to change its system time. That said, the security benefits might not be too substantial. --001a11c3029a7d91c104fefc10bf Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable

On Thu, Jul 24, 2014 at 10:39 PM, Gregory Maxwell <gmaxw= ell@gmail.com> wrote:

Is breadwallet tamper resistant & zero on tamper hardware? otherw= ise
this sounds like security theater.... I attach a debugger to the
process (or modify the program) and ignore the block sourced time.

It's an iOS applica= tion. I would imagine it is substantially more difficult to attach to a pro= cess (which, at the very least, requires root, and perhaps other things on = iOS) than to convince the device to change its system time.

That said, the securit= y benefits might not be too substantial.

--001a11c3029a7d91c104fefc10bf--