1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
|
Received: from sog-mx-4.v43.ch3.sourceforge.com ([172.29.43.194]
helo=mx.sourceforge.net)
by sfs-ml-2.v29.ch3.sourceforge.com with esmtp (Exim 4.76)
(envelope-from <voisine@gmail.com>) id 1XAVMP-000851-PD
for bitcoin-development@lists.sourceforge.net;
Fri, 25 Jul 2014 02:35:53 +0000
Received-SPF: pass (sog-mx-4.v43.ch3.sourceforge.com: domain of gmail.com
designates 209.85.219.53 as permitted sender)
client-ip=209.85.219.53; envelope-from=voisine@gmail.com;
helo=mail-oa0-f53.google.com;
Received: from mail-oa0-f53.google.com ([209.85.219.53])
by sog-mx-4.v43.ch3.sourceforge.com with esmtps (TLSv1:RC4-SHA:128)
(Exim 4.76) id 1XAVMO-00086r-Aw
for bitcoin-development@lists.sourceforge.net;
Fri, 25 Jul 2014 02:35:53 +0000
Received: by mail-oa0-f53.google.com with SMTP id j17so4897141oag.12
for <bitcoin-development@lists.sourceforge.net>;
Thu, 24 Jul 2014 19:35:46 -0700 (PDT)
MIME-Version: 1.0
X-Received: by 10.182.97.97 with SMTP id dz1mr18719227obb.13.1406255746748;
Thu, 24 Jul 2014 19:35:46 -0700 (PDT)
Received: by 10.60.98.204 with HTTP; Thu, 24 Jul 2014 19:35:46 -0700 (PDT)
In-Reply-To: <53D1AF6C.7010802@gmail.com>
References: <53D1AF6C.7010802@gmail.com>
Date: Thu, 24 Jul 2014 19:35:46 -0700
Message-ID: <CACq0ZD56NuADphK-28zxR=dAPnZOPY4C0GO=zLdOhVxBpRKwoA@mail.gmail.com>
From: Aaron Voisine <voisine@gmail.com>
To: Ron OHara <ron.ohara54@gmail.com>
Content-Type: multipart/alternative; boundary=047d7b2e43863f999f04fefb6e2f
X-Spam-Score: -0.6 (/)
X-Spam-Report: Spam Filtering performed by mx.sourceforge.net.
See http://spamassassin.org/tag/ for more details.
-1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for
sender-domain
0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider
(voisine[at]gmail.com)
-0.0 SPF_PASS SPF: sender matches SPF record
1.0 HTML_MESSAGE BODY: HTML included in message
-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from
author's domain
0.1 DKIM_SIGNED Message has a DKIM or DK signature,
not necessarily valid
-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
X-Headers-End: 1XAVMO-00086r-Aw
Cc: "bitcoin-development@lists.sourceforge.net"
<bitcoin-development@lists.sourceforge.net>
Subject: Re: [Bitcoin-development] Time
X-BeenThere: bitcoin-development@lists.sourceforge.net
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: <bitcoin-development.lists.sourceforge.net>
List-Unsubscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
<mailto:bitcoin-development-request@lists.sourceforge.net?subject=unsubscribe>
List-Archive: <http://sourceforge.net/mailarchive/forum.php?forum_name=bitcoin-development>
List-Post: <mailto:bitcoin-development@lists.sourceforge.net>
List-Help: <mailto:bitcoin-development-request@lists.sourceforge.net?subject=help>
List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
<mailto:bitcoin-development-request@lists.sourceforge.net?subject=subscribe>
X-List-Received-Date: Fri, 25 Jul 2014 02:35:53 -0000
--047d7b2e43863f999f04fefb6e2f
Content-Type: text/plain; charset=UTF-8
The upcoming release of breadwallet uses the height of the blockchain to
enforce timed pin code lockouts for preventing an attacker from
quickly making multiple pin guesses. This prevents them changing the
devices system time to get around the lockout period.
Aaron
On Thursday, July 24, 2014, Ron OHara <ron.ohara54@gmail.com> wrote:
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> I thought I should shortcut my research by asking a direct question here.
>
> As I understand it, the blockchain actually provides an extra piece of
> reliable data that is not being exploited by applications.
>
> Which data? The time. In this case 'the time' as agreed by >50% of
> the participants, where those participants have a strong financial
> incentive to keep that 'time' fairly accurate. (+/- about 10 minutes)
>
> Is this a reasonable understanding of 'time'? ... aka timestamps on the
> block
>
> Ok... 'time' on the blockchain could be 'gamed' ... but with great
> difficulty. An application presented with a fake blockchain can use
> quite a few heuristics to test the 'validity' of the block chain.
> It can review the usual cryptographic proofs, and check that difficulty
> is growing/declining only in a realistic manner up to the most recent
> block. Even use some arbitrary test like difficulty > 10,000,000,000
> ... on the presumption that any less means that the Bitcoin system has
> failed massively from where it currently is and has become an unreliable
> time source.
>
> Reliable 'time' has been impossible up until now - because you need to
> trust the time source, and that can always be faked. Using the
> blockchain as an approximate time source gives you a world wide
> consensus without direct trust of any player.
>
> So if this presumption is correct, then we can now build time capsule
> applications that can not be tricked into exposing their contents too
> early by running them in a virtual environment with the wrong system time.
>
> Is this right? or did miss I something fundamental?
>
> Ron
>
> - --
> public identify: https://www.onename.io/ron_ohara
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v2.0.20 (GNU/Linux)
> Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
>
> iQEcBAEBAgAGBQJT0a9sAAoJEAla1VT1+xc2ONQH/0R09guSNNCxP36KziAjfcBc
> JEhxMpIlqTTYEvNXaBmuPy4BN+IZQ9izgrW/cvlEJJNMmc5/VIBk83WZltmDwcKl
> oo4MIdmp6vz984GWToyyLcLSEDT60UE9Hhe+U9RyF5J9kwbN8Uy4ozUHhFVP/0EL
> q4O1V6ggPbHWgH4q8m8E9qWOlIFXCDgCjxpL8Ptxsk+UlBq2NWMiwTz6Tbc9KOB4
> hOffzXCZV+DkwjFZD2Rc4rHaxw1yLuYr7DzmzwZbhRQclv9tZt9hoVaAT+RQpE1k
> X7pi+zVzeMMng0bzUv8t/G+gq0gaelyV41MJQRparEXhnuYkgU7rAPKIQEG8qpc=
> =T5fw
> -----END PGP SIGNATURE-----
>
>
>
> ------------------------------------------------------------------------------
> Want fast and easy access to all the code in your enterprise? Index and
> search up to 200,000 lines of code with a free copy of Black Duck
> Code Sight - the same software that powers the world's largest code
> search on Ohloh, the Black Duck Open Hub! Try it now.
> http://p.sf.net/sfu/bds
> _______________________________________________
> Bitcoin-development mailing list
> Bitcoin-development@lists.sourceforge.net <javascript:;>
> https://lists.sourceforge.net/lists/listinfo/bitcoin-development
>
--
Aaron Voisine
breadwallet.com
--047d7b2e43863f999f04fefb6e2f
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
The upcoming release of breadwallet uses the height of the blockchain to en=
force timed=C2=A0pin code lockouts for=C2=A0preventing an attacker from qui=
ckly=C2=A0making multiple pin guesses. This prevents them changing the devi=
ces system time to get around the lockout period.<span></span><div>
<br></div><div>Aaron<br><br>On Thursday, July 24, 2014, Ron OHara <<a hr=
ef=3D"mailto:ron.ohara54@gmail.com">ron.ohara54@gmail.com</a>> wrote:<br=
><blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1=
px #ccc solid;padding-left:1ex">
<br>
-----BEGIN PGP SIGNED MESSAGE-----<br>
Hash: SHA1<br>
<br>
I thought I should shortcut my research by asking a direct question here.<b=
r>
<br>
As I understand it, the blockchain actually provides an extra piece of<br>
reliable data that is not being exploited by applications.<br>
<br>
Which data? =C2=A0The time. =C2=A0 In this case 'the time' as agree=
d by >50% of<br>
the participants, where those participants have a strong financial<br>
incentive to keep that 'time' fairly accurate. (+/- about 10 minute=
s)<br>
<br>
Is this a reasonable understanding of 'time'? ... aka timestamps on=
the<br>
block<br>
<br>
Ok... 'time' on the blockchain could be 'gamed' ... but wit=
h great<br>
difficulty. An application presented with a fake blockchain can use<br>
quite a few heuristics to test the 'validity' of the block chain.<b=
r>
It can review the usual cryptographic proofs, and check that difficulty<br>
is growing/declining only in a realistic manner up to the most recent<br>
block. Even use some arbitrary test like difficulty > 10,000,000,000<br>
... on the presumption that any less means that the Bitcoin system has<br>
failed massively from where it currently is and has become an unreliable<br=
>
time source.<br>
<br>
Reliable 'time' has been impossible up until now - because you need=
to<br>
trust the time source, and that can always be faked. =C2=A0Using the<br>
blockchain as an approximate time source gives you a world wide<br>
consensus without direct trust of any player.<br>
<br>
So if this presumption is correct, then we can now build time capsule<br>
applications that can not be tricked into exposing their contents too<br>
early by running them in a virtual environment with the wrong system time.<=
br>
<br>
Is this right? or did miss I something fundamental?<br>
<br>
Ron<br>
<br>
- --<br>
public identify: <a href=3D"https://www.onename.io/ron_ohara" target=3D"_bl=
ank">https://www.onename.io/ron_ohara</a><br>
-----BEGIN PGP SIGNATURE-----<br>
Version: GnuPG v2.0.20 (GNU/Linux)<br>
Comment: Using GnuPG with Thunderbird - <a href=3D"http://www.enigmail.net/=
" target=3D"_blank">http://www.enigmail.net/</a><br>
<br>
iQEcBAEBAgAGBQJT0a9sAAoJEAla1VT1+xc2ONQH/0R09guSNNCxP36KziAjfcBc<br>
JEhxMpIlqTTYEvNXaBmuPy4BN+IZQ9izgrW/cvlEJJNMmc5/VIBk83WZltmDwcKl<br>
oo4MIdmp6vz984GWToyyLcLSEDT60UE9Hhe+U9RyF5J9kwbN8Uy4ozUHhFVP/0EL<br>
q4O1V6ggPbHWgH4q8m8E9qWOlIFXCDgCjxpL8Ptxsk+UlBq2NWMiwTz6Tbc9KOB4<br>
hOffzXCZV+DkwjFZD2Rc4rHaxw1yLuYr7DzmzwZbhRQclv9tZt9hoVaAT+RQpE1k<br>
X7pi+zVzeMMng0bzUv8t/G+gq0gaelyV41MJQRparEXhnuYkgU7rAPKIQEG8qpc=3D<br>
=3DT5fw<br>
-----END PGP SIGNATURE-----<br>
<br>
<br>
---------------------------------------------------------------------------=
---<br>
Want fast and easy access to all the code in your enterprise? Index and<br>
search up to 200,000 lines of code with a free copy of Black Duck<br>
Code Sight - the same software that powers the world's largest code<br>
search on Ohloh, the Black Duck Open Hub! Try it now.<br>
<a href=3D"http://p.sf.net/sfu/bds" target=3D"_blank">http://p.sf.net/sfu/b=
ds</a><br>
_______________________________________________<br>
Bitcoin-development mailing list<br>
<a href=3D"javascript:;" onclick=3D"_e(event, 'cvml', 'Bitcoin-=
development@lists.sourceforge.net')">Bitcoin-development@lists.sourcefo=
rge.net</a><br>
<a href=3D"https://lists.sourceforge.net/lists/listinfo/bitcoin-development=
" target=3D"_blank">https://lists.sourceforge.net/lists/listinfo/bitcoin-de=
velopment</a><br>
</blockquote></div><br><br>-- <br><br>Aaron Voisine<br><a href=3D"http://br=
eadwallet.com" target=3D"_blank">breadwallet.com</a><br>
--047d7b2e43863f999f04fefb6e2f--
|