MyHush / SilentDragonAndroid

Android companion app for SilentDragon
https://www.myhush.org
GNU General Public License v3.0
5 stars 12 forks

Set PIN for access #59

Open leto opened 4 years ago

leto commented 4 years ago

It would be nice to have an additional PIN/access code to lock down the SDA app. Our threat model is that somebody has their phone stolen, while unlocked. The attacker would be able to send all funds to an attacker-controlled address simply by opening up SDA. A PIN would prevent that.

The PIN seems like it could have 2 modes:

1) PIN required to send, all other operations work normally
2) PIN required to open SDA, no functionality without a PIN

I think the above 2 options cover the common use cases of having a PIN.

leto commented 4 years ago

This is pretty important, bumping up in priority

leto commented 4 years ago

FYI this solved the issue TOB-ZEC-003 from https://github.com/trailofbits/publications/blob/master/reviews/zecwallet.pdf

leto commented 4 years ago

@gilardh are you able to work on this?