From: Iain Hibbert
Date: Fri, 19 Dec 2008 19:33:49 +0000 (GMT)
To: freebsd-bluetooth@freebsd.org
Subject: Re: Bluetooth socket timeout, device pairing
Message-Id: <1229715229.577297.1167.nullmailer@galant.ukfsn.org>
References: <200812182301.mBIN1PGs062021@lurza.secnetix.de> <1229708847.488082.724.nullmailer@galant.ukfsn.org>
List-Id: Using Bluetooth in FreeBSD environments
On Fri, 19 Dec 2008, Maksim Yevmenkin wrote:

> hmm... i think, i'd like to see hci dump now to see what is going on.

IIRC Oliver said ECONNREFUSED was returned; it might also be worth grepping for that in the source to see how it can occur..

> i.e. wait for page response, not complete connection setup including
> authentication. but then again, you never know :) and i have been
> wrong before :)

No, I think that's right. Page timeout is the time that it takes to catch the attention of the remote device, not the time it takes to complete connection negotiations.

> > more complex PIN does apparently mean more secure link key.
>
> mmmm.... i'm not that good in crypto, so i will let someone more
> qualified render an opinion on the subject :)

I'm no crypto expert either, but the only 'successful' generic attack I've heard about on Bluetooth encryption required listening in on the initial pairing AND using a weak PIN. I don't think it likely that any such attacks will be successful in the wild at any time soon though; as you say, the hardware is not easily available at 'script kiddie' or even hardcore geek level. It would have to be some kind of targeted surveillance with a big budget.

> > I wonder though, if "Change Connection Link Key" (not in hccontrol IIRC?)
> > can be used to make the link key more secure without needing to pair with
> > a complex PIN.. presumably it generates a new link key based on some kind
> > of random value exchanged over the already secure connection?
>
> i guess i could always add it :)

I guess that "Change Connection Link Key" is the e21 mode that you described.

> > ps I am also wondering, what kind of evil lego machine it is that Oliver
> > is making that he requires ultimate security on the command channel :)
>
> good call! now i want to know that too :)

lego world domination team :) go lego!

T-800: powered by FreeBSD?

iain (eek!)