1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
|
Received: from sog-mx-2.v43.ch3.sourceforge.com ([172.29.43.192]
helo=mx.sourceforge.net)
by sfs-ml-2.v29.ch3.sourceforge.com with esmtp (Exim 4.76)
(envelope-from <will.yager@gmail.com>) id 1XAW4I-00010G-WA
for bitcoin-development@lists.sourceforge.net;
Fri, 25 Jul 2014 03:21:15 +0000
Received-SPF: pass (sog-mx-2.v43.ch3.sourceforge.com: domain of gmail.com
designates 209.85.192.49 as permitted sender)
client-ip=209.85.192.49; envelope-from=will.yager@gmail.com;
helo=mail-qg0-f49.google.com;
Received: from mail-qg0-f49.google.com ([209.85.192.49])
by sog-mx-2.v43.ch3.sourceforge.com with esmtps (TLSv1:RC4-SHA:128)
(Exim 4.76) id 1XAW4I-0001WJ-7f
for bitcoin-development@lists.sourceforge.net;
Fri, 25 Jul 2014 03:21:14 +0000
Received: by mail-qg0-f49.google.com with SMTP id j107so4457274qga.36
for <bitcoin-development@lists.sourceforge.net>;
Thu, 24 Jul 2014 20:21:08 -0700 (PDT)
MIME-Version: 1.0
X-Received: by 10.224.55.202 with SMTP id v10mr22867288qag.10.1406258468719;
Thu, 24 Jul 2014 20:21:08 -0700 (PDT)
Received: by 10.140.30.198 with HTTP; Thu, 24 Jul 2014 20:21:08 -0700 (PDT)
In-Reply-To: <CAAS2fgSncktfkq0J23O04BWhtUD7V7OHCKAyuPbg7gJTKz-rTQ@mail.gmail.com>
References: <53D1AF6C.7010802@gmail.com>
<CACq0ZD56NuADphK-28zxR=dAPnZOPY4C0GO=zLdOhVxBpRKwoA@mail.gmail.com>
<CAAS2fgSncktfkq0J23O04BWhtUD7V7OHCKAyuPbg7gJTKz-rTQ@mail.gmail.com>
Date: Thu, 24 Jul 2014 23:21:08 -0400
Message-ID: <CAG8oi1MNot6RruCu5cLSFAND5noZToPLvTqMP26bwKQGU_2C3g@mail.gmail.com>
From: William Yager <will.yager@gmail.com>
Cc: "bitcoin-development@lists.sourceforge.net"
<bitcoin-development@lists.sourceforge.net>
Content-Type: multipart/alternative; boundary=001a11c3029a7d91c104fefc10bf
X-Spam-Score: 0.6 (/)
X-Spam-Report: Spam Filtering performed by mx.sourceforge.net.
See http://spamassassin.org/tag/ for more details.
-1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for
sender-domain
0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider
(will.yager[at]gmail.com)
-0.0 SPF_PASS SPF: sender matches SPF record
1.2 MISSING_HEADERS Missing To: header
1.0 HTML_MESSAGE BODY: HTML included in message
-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from
author's domain
0.1 DKIM_SIGNED Message has a DKIM or DK signature,
not necessarily valid
-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
X-Headers-End: 1XAW4I-0001WJ-7f
Subject: Re: [Bitcoin-development] Time
X-BeenThere: bitcoin-development@lists.sourceforge.net
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: <bitcoin-development.lists.sourceforge.net>
List-Unsubscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
<mailto:bitcoin-development-request@lists.sourceforge.net?subject=unsubscribe>
List-Archive: <http://sourceforge.net/mailarchive/forum.php?forum_name=bitcoin-development>
List-Post: <mailto:bitcoin-development@lists.sourceforge.net>
List-Help: <mailto:bitcoin-development-request@lists.sourceforge.net?subject=help>
List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
<mailto:bitcoin-development-request@lists.sourceforge.net?subject=subscribe>
X-List-Received-Date: Fri, 25 Jul 2014 03:21:15 -0000
--001a11c3029a7d91c104fefc10bf
Content-Type: text/plain; charset=UTF-8
On Thu, Jul 24, 2014 at 10:39 PM, Gregory Maxwell <gmaxwell@gmail.com>
wrote:
>
> Is breadwallet tamper resistant & zero on tamper hardware? otherwise
> this sounds like security theater.... I attach a debugger to the
> process (or modify the program) and ignore the block sourced time.
>
>
It's an iOS application. I would imagine it is substantially more difficult
to attach to a process (which, at the very least, requires root, and
perhaps other things on iOS) than to convince the device to change its
system time.
That said, the security benefits might not be too substantial.
--001a11c3029a7d91c104fefc10bf
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
<div dir=3D"ltr">On Thu, Jul 24, 2014 at 10:39 PM, Gregory Maxwell <span di=
r=3D"ltr"><<a href=3D"mailto:gmaxwell@gmail.com" target=3D"_blank">gmaxw=
ell@gmail.com</a>></span> wrote:<br><div class=3D"gmail_extra"><div clas=
s=3D"gmail_quote">
<blockquote class=3D"gmail_quote" style=3D"margin:0px 0px 0px 0.8ex;border-=
left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;p=
adding-left:1ex"><div class=3D""><br>
</div>Is breadwallet tamper resistant & zero on tamper hardware? otherw=
ise<br>
this sounds like security theater.... I attach a debugger to the<br>
process (or modify the program) and ignore the block sourced time.<br>
<div class=3D""><div class=3D"h5"><br>
</div></div></blockquote></div><br></div><div class=3D"gmail_extra"><div st=
yle=3D"font-family:arial,sans-serif;font-size:13px">It's an iOS applica=
tion. I would imagine it is substantially more difficult to attach to a pro=
cess (which, at the very least, requires root, and perhaps other things on =
iOS) than to convince the device to change its system time.</div>
<div style=3D"font-family:arial,sans-serif;font-size:13px"><br></div><div s=
tyle=3D"font-family:arial,sans-serif;font-size:13px">That said, the securit=
y benefits might not be too substantial.</div></div></div>
--001a11c3029a7d91c104fefc10bf--
|