[17358] in cryptography@c2.net mail archive
Re: Bluetooth cracked further
daemon@ATHENA.MIT.EDU (Dan Riley)
Sat Jun 4 12:16:32 2005
X-Original-To: cryptography@metzdowd.com
X-Original-To: cryptography@metzdowd.com
To: Matt Crawford <crawdad@fnal.gov>
Cc: "Perry E. Metzger" <perry@piermont.com>,
cryptography@metzdowd.com
From: Dan Riley <dsr@mail.lns.cornell.edu>
Date: 04 Jun 2005 11:50:03 -0400
In-Reply-To: <dfd1aefe4b1974a0af0bbd33690f5e4e@fnal.gov>
Matt Crawford <crawdad@fnal.gov> writes:
> On Jun 3, 2005, at 11:55, Perry E. Metzger wrote:
> > 2) They also have a way of forcing pairing to happen, by impersonating
> > one of the devices and saying "oops! I need to pair again!" to the
> > other.
>
> Do the devices then pair again without user intervention, re-using the
> PIN that paired them initially?
In the notes for section 5, they say
If the attack is successful, the Bluetooth user will need to enter
the PIN again - so a suspicious user may realize that his
Bluetooth device is under attack and refuse to enter the PIN.
So no, it doesn't re-pair without intervention.
-dan
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
