diff --git a/.gitmodules b/.gitmodules
new file mode 100644
index 00000000..e69de29b
diff --git a/onionr/communicator2.py b/onionr/communicator2.py
index 0bce1511..bddb21da 100755
--- a/onionr/communicator2.py
+++ b/onionr/communicator2.py
@@ -82,7 +82,6 @@ class OnionrCommunicatorDaemon:
 
         # daemon tools are misc daemon functions, e.g. announce to online peers
         # intended only for use by OnionrCommunicatorDaemon
-        #self.daemonTools = onionrdaemontools.DaemonTools(self)
         self.daemonTools = onionrdaemontools.DaemonTools(self)
 
         self._chat = onionrchat.OnionrChat(self)
diff --git a/onionr/core.py b/onionr/core.py
index dcc95295..59e802a5 100644
--- a/onionr/core.py
+++ b/onionr/core.py
@@ -679,7 +679,6 @@ class Core:
         '''
 
         retData = False
-
         # check nonce
         dataNonce = self._utils.bytesToStr(self._crypto.sha3Hash(data))
         try:
diff --git a/onionr/onionrcrypto.py b/onionr/onionrcrypto.py
index 35a8050d..04c821cd 100644
--- a/onionr/onionrcrypto.py
+++ b/onionr/onionrcrypto.py
@@ -33,9 +33,7 @@ class OnionrCrypto:
         self._keyFile = self._core.dataDir + 'keys.txt'
         self.pubKey = None
         self.privKey = None
-
         self.secrets = secrets
-        
         self.deterministicRequirement = 25 # Min deterministic password/phrase length
         self.HASH_ID_ROUNDS = 2000
         self.keyManager = keymanager.KeyManager(self)
@@ -99,7 +97,6 @@ class OnionrCrypto:
     def pubKeyEncrypt(self, data, pubkey, anonymous=True, encodedData=False):
         '''Encrypt to a public key (Curve25519, taken from base32 Ed25519 pubkey)'''
         retVal = ''
-
         try:
             pubkey = pubkey.encode()
         except AttributeError:
@@ -198,7 +195,7 @@ class OnionrCrypto:
         private_key = nacl.signing.SigningKey.generate()
         public_key = private_key.verify_key.encode(encoder=nacl.encoding.Base32Encoder())
         return (public_key.decode(), private_key.encode(encoder=nacl.encoding.Base32Encoder()).decode())
-    
+
     def generateDeterministic(self, passphrase, bypassCheck=False):
         '''Generate a Ed25519 public key pair from a password'''
         passStrength = self.deterministicRequirement
@@ -212,7 +209,7 @@ class OnionrCrypto:
         salt = b"U81Q7llrQcdTP0Ux" # Does not need to be unique or secret, but must be 16 bytes
         ops = nacl.pwhash.argon2id.OPSLIMIT_SENSITIVE
         mem = nacl.pwhash.argon2id.MEMLIMIT_SENSITIVE
-        
+
         key = kdf(nacl.secret.SecretBox.KEY_SIZE, passphrase, salt, opslimit=ops, memlimit=mem)
         key = nacl.public.PrivateKey(key, nacl.encoding.RawEncoder())
         publicKey = key.public_key
@@ -285,6 +282,6 @@ class OnionrCrypto:
             logger.debug("Invalid token, bad proof")
 
         return retData
-    
+
     def safeCompare(self, one, two):
         return hmac.compare_digest(one, two)
diff --git a/onionr/onionrutils.py b/onionr/onionrutils.py
index dbcf01e6..948563e3 100644
--- a/onionr/onionrutils.py
+++ b/onionr/onionrutils.py
@@ -23,7 +23,6 @@ import nacl.signing, nacl.encoding
 from onionrblockapi import Block
 import onionrexceptions
 from onionr import API_VERSION
-from defusedxml import minidom
 import onionrevents
 import pgpwords, onionrusers, storagecounter
 if sys.version_info < (3, 6):
@@ -372,6 +371,7 @@ class OnionrUtils:
                 pass
 
         # Validate metadata dict for invalid keys to sizes that are too large
+        maxAge = config.get("general.max_block_age", 2678400)
         if type(metadata) is dict:
             for i in metadata:
                 try:
@@ -392,6 +392,11 @@ class OnionrUtils:
                     if not self.isIntegerString(metadata[i]):
                         logger.warn('Block metadata time stamp is not integer string')
                         break
+                    if (metadata[i] - self.getEpoch()) > 30:
+                        logger.warn('Block metadata time stamp is set for the future, which is not allowed.')
+                        break
+                    if (self.getEpoch() - metadata[i]) > maxAge:
+                        logger.warn('Block is older than allowed: %s' % (maxAge,))
                 elif i == 'expire':
                     try:
                         assert int(metadata[i]) > self.getEpoch()
@@ -653,28 +658,6 @@ class OnionrUtils:
             retData = False
         return retData
 
-    def getNistBeaconSalt(self, torPort=0, rounding=3600):
-        '''
-            Get the token for the current hour from the NIST randomness beacon
-        '''
-        if torPort == 0:
-            try:
-                sys.argv[2]
-            except IndexError:
-                raise onionrexceptions.MissingPort('Missing Tor socks port')
-        retData = ''
-        curTime = self.getRoundedEpoch(rounding)
-        self.nistSaltTimestamp = curTime
-        data = self.doGetRequest('https://beacon.nist.gov/rest/record/' + str(curTime), port = torPort)
-        dataXML = minidom.parseString(data, forbid_dtd = True, forbid_entities = True, forbid_external = True)
-        try:
-            retData = dataXML.getElementsByTagName('outputValue')[0].childNodes[0].data
-        except ValueError:
-            logger.warn('Failed to get the NIST beacon value.')
-        else:
-            self.powSalt = retData
-        return retData
-
     def strToBytes(self, data):
         try:
             data = data.encode()
diff --git a/onionr/static-data/default_config.json b/onionr/static-data/default_config.json
index 5003d73b..5532797d 100644
--- a/onionr/static-data/default_config.json
+++ b/onionr/static-data/default_config.json
@@ -6,6 +6,7 @@
         "minimum_send_pow": 5,
         "socket_servers": false,
         "security_level": 0,
+        "max_block_age": 2678400,
         "public_key": ""
     },