Iain Hibbert wrote:
> On Mon, 31 Mar 2008, mato wrote:
>
> > However, Windows can manage this as it asks for PIN key when connection
> > initiation fails.  While I don't expect FreeBSD asking for a PIN, it might be
> > quite useful if it could automatically (upon a connection establishing
> > failure) throw away its stored link key and recreate it from PIN as Windows
> > does.
>
> btw That would be the wrong thing to do. The stored link key is the
> 'password' for the remote BDADDR to connect to your services and it is
> possible on many devices to change the Bluetooth device address (BDADDR).
>
> You don't want to make it so that a remote attacker can just cause a
> 'password' reset by pretending to be an authorised device, and this is the
> reason PINs should not be permanently stored.
>
> iain

Well, I haven't thought of this and you've got a point.
On the other hand, the stored link key doesn't have to be reset. I can imagine that if the link key didn't work FreeBSD could fall back to PIN as it does in the beginning, and only if the PINs matched would a new link key be stored. Thus an attacker would need to know the PIN, which is normally not likely. Also, a PIN can and should be longer and even composed of alphanumerics. Well, at least this is what Windows does AFAIK -- when the link key was changed they pop up a dialogue asking for a (new) PIN. The only problem I see now is with devices with predefined or, worse, set-in-stone PINs. :-/

Regards,

Martin
_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-bluetooth
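
The two policies discussed in this thread, modelled as an added example that is not part of the original messages and is not FreeBSD code. `KeyStore`, `derive_key` and `spoof_demo` are hypothetical names, the HMAC derivation is a stand-in for the real Bluetooth pairing functions, and comparing keys directly simplifies the challenge-response a real stack performs.

```python
import hashlib
import hmac
import secrets

LOCAL_PIN = "constructed-long-PIN-42"   # constructed sample value
ADDR = "00:11:22:33:44:55"              # constructed BDADDR

def derive_key(pin, bdaddr, nonce):
    # Stand-in derivation (assumption): NOT the real Bluetooth key functions.
    return hmac.new(pin.encode(), bdaddr.encode() + nonce, hashlib.sha256).digest()[:16]

class KeyStore:
    def __init__(self, local_pin, discard_on_failure):
        self.local_pin = local_pin
        self.discard_on_failure = discard_on_failure
        self.keys = {}                  # claimed BDADDR -> stored link key

    def pair(self, bdaddr, peer_pin):
        # A new key is stored only when both sides derived it from the same PIN.
        nonce = secrets.token_bytes(16)
        ours = derive_key(self.local_pin, bdaddr, nonce)
        theirs = derive_key(peer_pin, bdaddr, nonce)
        if not hmac.compare_digest(ours, theirs):
            return False
        self.keys[bdaddr] = ours
        return True

    def connect(self, bdaddr, peer_key, peer_pin=None):
        stored = self.keys.get(bdaddr)
        if stored is not None and hmac.compare_digest(stored, peer_key):
            return "authenticated"
        if self.discard_on_failure:
            # First proposal: throw the stored key away on any failure.
            self.keys.pop(bdaddr, None)
        # Second proposal: the old key is replaced only by a successful PIN pairing.
        if peer_pin is not None and self.pair(bdaddr, peer_pin):
            return "re-paired"
        return "rejected"

def spoof_demo(discard_on_failure, spoofer_pin):
    """Returns (result for a peer claiming ADDR, result for the real device afterwards)."""
    store = KeyStore(LOCAL_PIN, discard_on_failure)
    store.pair(ADDR, LOCAL_PIN)         # the authorised device pairs first
    legit_key = store.keys[ADDR]
    spoofed = store.connect(ADDR, b"\x00" * 16, peer_pin=spoofer_pin)
    return spoofed, store.connect(ADDR, legit_key)
```

With discard-on-failure, one failed attempt under the claimed address is enough to lock the authorised device out until it re-pairs; with the fall-back policy its key survives. When the PIN is known to the other party (the predefined-PIN case raised above), neither policy protects the stored key.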