summaryrefslogtreecommitdiff
path: root/65/12e58e10324e5fdca0bc8de95b5d7f0be92136
blob: 73334b699254656f192cb93751fe5ddeb2ce4575 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
Received: from sog-mx-2.v43.ch3.sourceforge.com ([172.29.43.192]
	helo=mx.sourceforge.net)
	by sfs-ml-2.v29.ch3.sourceforge.com with esmtp (Exim 4.76)
	(envelope-from <will.yager@gmail.com>) id 1XAW4I-00010G-WA
	for bitcoin-development@lists.sourceforge.net;
	Fri, 25 Jul 2014 03:21:15 +0000
Received-SPF: pass (sog-mx-2.v43.ch3.sourceforge.com: domain of gmail.com
	designates 209.85.192.49 as permitted sender)
	client-ip=209.85.192.49; envelope-from=will.yager@gmail.com;
	helo=mail-qg0-f49.google.com; 
Received: from mail-qg0-f49.google.com ([209.85.192.49])
	by sog-mx-2.v43.ch3.sourceforge.com with esmtps (TLSv1:RC4-SHA:128)
	(Exim 4.76) id 1XAW4I-0001WJ-7f
	for bitcoin-development@lists.sourceforge.net;
	Fri, 25 Jul 2014 03:21:14 +0000
Received: by mail-qg0-f49.google.com with SMTP id j107so4457274qga.36
	for <bitcoin-development@lists.sourceforge.net>;
	Thu, 24 Jul 2014 20:21:08 -0700 (PDT)
MIME-Version: 1.0
X-Received: by 10.224.55.202 with SMTP id v10mr22867288qag.10.1406258468719;
	Thu, 24 Jul 2014 20:21:08 -0700 (PDT)
Received: by 10.140.30.198 with HTTP; Thu, 24 Jul 2014 20:21:08 -0700 (PDT)
In-Reply-To: <CAAS2fgSncktfkq0J23O04BWhtUD7V7OHCKAyuPbg7gJTKz-rTQ@mail.gmail.com>
References: <53D1AF6C.7010802@gmail.com>
	<CACq0ZD56NuADphK-28zxR=dAPnZOPY4C0GO=zLdOhVxBpRKwoA@mail.gmail.com>
	<CAAS2fgSncktfkq0J23O04BWhtUD7V7OHCKAyuPbg7gJTKz-rTQ@mail.gmail.com>
Date: Thu, 24 Jul 2014 23:21:08 -0400
Message-ID: <CAG8oi1MNot6RruCu5cLSFAND5noZToPLvTqMP26bwKQGU_2C3g@mail.gmail.com>
From: William Yager <will.yager@gmail.com>
Cc: "bitcoin-development@lists.sourceforge.net"
	<bitcoin-development@lists.sourceforge.net>
Content-Type: multipart/alternative; boundary=001a11c3029a7d91c104fefc10bf
X-Spam-Score: 0.6 (/)
X-Spam-Report: Spam Filtering performed by mx.sourceforge.net.
	See http://spamassassin.org/tag/ for more details.
	-1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for
	sender-domain
	0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider
	(will.yager[at]gmail.com)
	-0.0 SPF_PASS               SPF: sender matches SPF record
	1.2 MISSING_HEADERS        Missing To: header
	1.0 HTML_MESSAGE           BODY: HTML included in message
	-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from
	author's domain
	0.1 DKIM_SIGNED            Message has a DKIM or DK signature,
	not necessarily valid
	-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
X-Headers-End: 1XAW4I-0001WJ-7f
Subject: Re: [Bitcoin-development] Time
X-BeenThere: bitcoin-development@lists.sourceforge.net
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: <bitcoin-development.lists.sourceforge.net>
List-Unsubscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
	<mailto:bitcoin-development-request@lists.sourceforge.net?subject=unsubscribe>
List-Archive: <http://sourceforge.net/mailarchive/forum.php?forum_name=bitcoin-development>
List-Post: <mailto:bitcoin-development@lists.sourceforge.net>
List-Help: <mailto:bitcoin-development-request@lists.sourceforge.net?subject=help>
List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
	<mailto:bitcoin-development-request@lists.sourceforge.net?subject=subscribe>
X-List-Received-Date: Fri, 25 Jul 2014 03:21:15 -0000

--001a11c3029a7d91c104fefc10bf
Content-Type: text/plain; charset=UTF-8

On Thu, Jul 24, 2014 at 10:39 PM, Gregory Maxwell <gmaxwell@gmail.com>
wrote:

>
> Is breadwallet tamper resistant & zero on tamper hardware? otherwise
> this sounds like security theater.... I attach a debugger to the
> process (or modify the program) and ignore the block sourced time.
>
>
It's an iOS application. I would imagine it is substantially more difficult
to attach to a process (which, at the very least, requires root, and
perhaps other things on iOS) than to convince the device to change its
system time.

That said, the security benefits might not be too substantial.

--001a11c3029a7d91c104fefc10bf
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr">On Thu, Jul 24, 2014 at 10:39 PM, Gregory Maxwell <span di=
r=3D"ltr">&lt;<a href=3D"mailto:gmaxwell@gmail.com" target=3D"_blank">gmaxw=
ell@gmail.com</a>&gt;</span> wrote:<br><div class=3D"gmail_extra"><div clas=
s=3D"gmail_quote">
<blockquote class=3D"gmail_quote" style=3D"margin:0px 0px 0px 0.8ex;border-=
left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;p=
adding-left:1ex"><div class=3D""><br>
</div>Is breadwallet tamper resistant &amp; zero on tamper hardware? otherw=
ise<br>
this sounds like security theater.... I attach a debugger to the<br>
process (or modify the program) and ignore the block sourced time.<br>
<div class=3D""><div class=3D"h5"><br>
</div></div></blockquote></div><br></div><div class=3D"gmail_extra"><div st=
yle=3D"font-family:arial,sans-serif;font-size:13px">It&#39;s an iOS applica=
tion. I would imagine it is substantially more difficult to attach to a pro=
cess (which, at the very least, requires root, and perhaps other things on =
iOS) than to convince the device to change its system time.</div>
<div style=3D"font-family:arial,sans-serif;font-size:13px"><br></div><div s=
tyle=3D"font-family:arial,sans-serif;font-size:13px">That said, the securit=
y benefits might not be too substantial.</div></div></div>

--001a11c3029a7d91c104fefc10bf--