Bluetooth: host: Mark the option BT_FIXED_PASSKEY as insecure

Mark the option BT_FIXED_PASSKEY as an insecure option.
During Legacy pairing the passkey is used as an encryption key, and
brute-forcing this is easy.
During LE Secure Connections the passkey is checked one bit at a time,
so when it is fixed the passkey can be deduced with a series of pairing
attempts.

Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Joakim Andersson 2021-02-02 15:36:53 +01:00 committed by Anas Nashif
commit 97d59a7c6d
2 changed files with 7 additions and 0 deletions

@ -74,6 +74,12 @@ if(CONFIG_BT_DEBUG_SMP OR CONFIG_BT_DEBUG_KEYS)
production."
)
endif()
if(CONFIG_BT_FIXED_PASSKEY)
message(WARNING "CONFIG_BT_FIXED_PASSKEY is enabled
A fixed passkey is easy to deduce during the pairing procedure, do not use in
production."
)
endif()
if(CONFIG_BT_OOB_DATA_FIXED)
message(WARNING "CONFIG_BT_OOB_DATA_FIXED is enabled.
A hardcoded OOB data set will be stored in the image, do not use in
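Review bot: The first line of the new warning, `CONFIG_BT_FIXED_PASSKEY is enabled`, ends without a period, unlike the `CONFIG_BT_OOB_DATA_FIXED is enabled.` message directly below it, so the printed text runs "enabled" straight into "A fixed passkey is easy to deduce ..." as one sentence. Add the period to match the neighbouring messages. It would also help to carry a short form of the commit message's reasoning into the warning itself (the passkey is used as a key in Legacy pairing and is checked one bit at a time in LE Secure Connections), so that a developer who only sees the build output understands that the option is weak in both pairing modes and not just one.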