Bluetooth: host: Mark the option BT_FIXED_PASSKEY as insecure

Mark the option BT_FIXED_PASSKEY as an insecure option.
During Legacy pairing the passkey is used as the encryption key, and
brute-forcing this is easy.
During LE Secure Connections the passkey is checked one bit at a time,
so when it is fixed the passkey can be deduced with a series of pairing
attempts.

Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Joakim Andersson 2021-02-02 15:36:53 +01:00 committed by Anas Nashif
commit 97d59a7c6d
2 changed files with 7 additions and 0 deletions

@ -50,6 +50,7 @@ BT_HFP_HF,n,experimental
BT_RFCOMM,n,experimental
BT_DEBUG_SMP,n
BT_OOB_DATA_FIXED,n
BT_FIXED_PASSKEY,n
BT_DEBUG_KEYS,n
BT_USE_DEBUG_KEYS,n
BT_STORE_DEBUG_KEYS,n
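Review bot: The new `BT_FIXED_PASSKEY,n` row records only the required value, so the reason the option is unsafe is left to the commit message and the build-time warning. With just two files changed here, a user who enables the option from the Kconfig menu sees no rationale at that point. If the help text for BT_FIXED_PASSKEY does not already say so, consider stating there that a fixed passkey can be recovered during pairing and that the option is meant for testing only.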


@ -74,6 +74,12 @@ if(CONFIG_BT_DEBUG_SMP OR CONFIG_BT_DEBUG_KEYS)
production."
)
endif()
if(CONFIG_BT_FIXED_PASSKEY)
message(WARNING "CONFIG_BT_FIXED_PASSKEY is enabled
A fixed passkey is easy to deduce during the pairing procedure, do not use in
production."
)
endif()
if(CONFIG_BT_OOB_DATA_FIXED)
message(WARNING "CONFIG_BT_OOB_DATA_FIXED is enabled.
A hardcoded OOB data set will be stored in the image, do not use in
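Review bot: The first line of the added warning, `message(WARNING "CONFIG_BT_FIXED_PASSKEY is enabled`, is missing the full stop after "enabled" that the `CONFIG_BT_OOB_DATA_FIXED is enabled.` line below it carries, so the printed text runs the option name straight into the explanation; add it for consistency. The body also says only that the passkey is "easy to deduce". Mentioning that this holds for both Legacy pairing and LE Secure Connections, as the commit message does, would make clear that choosing a pairing mode does not make the option safe.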