PIN Security Schema
One of the most advanced features of the BitLox is the ability to configure multiple layers of PIN protection.
Let's take a look at the different levels and what they mean to your security.
1. Device PIN
The device PIN is you first line of defense. When the device is powered on, it is the first thing you see (except when the optional device verification is activated - more on that in a bit), and all communications are disabled. USB will not actually talk to the central processor, and Bluetooth is cut off.
All PINs may use numbers and letters, CAPITAL and lowercase, up to 20 characters. Twenty characters may not sound like much, but coupled with the exponential lockout times (described below) the keyspace of these PINs is enough to prevent any brute-force method of revealing your PINs.
If a device PIN is entered incorrectly, upon the next attempt you will be subject to a mandatory delay BEFORE the PIN is evaluated. This wait period goes up exponentially.
For example:
1 try = 2 seconds
...
5 tries = 32 seconds
....
10 tries = 17 minutes
15 tries = 9 hours
18 tries = 72 hours
20 tries = 288 hours or 12 days
Clearly a brute force attempt will not be getting anywhere!
2. Wallet PIN
Each wallet created on the BitLox has it's own PIN.
Keeping track of wallet PIN attempts is tricky in light of hidden wallets. We don't want to have any registers that show good/bad PIN entry for individual wallets, as that might imply in the case of hidden wallets the very existence of them. Instead, we keep an AGGREGATE count of failed PIN entry attempts over all the wallet opening attempts.
The threshold and delay for this is set at the time of device setup as such:
Standard setup - 10 attempts, after that automatic reboot and 15 minute delay
Advanced setup - 7 attempts, after that automatic reboot and 30 minute delay
Expert setup - 5 attempts, after that automatic reboot and 45 minute delay
3. Transaction PIN
When choosing expert setup for a WALLET, one has the option of setting a transaction PIN. This PIN must be entered upon every transaction before it is signed. It has the same PIN format (20 characters) as the device and wallet PINs.
Care must be taken with entering the transaction password, as ANY incorrect attempt results in an automatic reboot of the device and an escalating lockout, STARTING at 12 minutes, going up at a steep rate, 12 minutes -> 36 minutes -> 109 minutes -> 328 minutes (5.5 hours) ...etc.
This delay can ONLY be cleared by a correct entry of the relevant transaction PIN.
4. Device Verification PIN / AEM Protection
If the device verification PIN (also know as the "Anti Evil Maid" protection) is set, upon device power-on you will be presented with a PIN entry screen.
This one is a bit different. When you set up the AEM, you will set a display phrase that you will recognize. You ALSO will set a decryption PIN for this phrase.
The BitLox will store the recognition phrase, and upon startup will ask for a PIN with which to attempt decryption. Now, ALL PINs will result in the decryption of the stored encrypted data, but ONLY your specifically selected PIN will decrypt this data to the recognition phrase you previously set. This PIN is not stored in any form on the device; only you know it.
This is a method of the DEVICE validating itself to YOU to make sure it is YOUR device, and not an imposter!
With a layered approach to security, we hope that every user can find the level of security they need.