On 04.10.2011 23:02, Nick Daly wrote:
> For Secure Simple Pairing, each device would transmit its
> device ID along with the Bluetooth key. If any device sees another
> device send its own ID before the lock is confirmed, it sends a panic
> signal and the pairing attempt is canceled. Worst case scenario with
> MITM attack: no pairing is possible. Much better than an inappropriate
> pairing.

10^6 brute force against roaming around mobile devices is far more unlikely to succeed than 10^6 against a fixed line machine.

Plus, when using NFC, there is no discovery phase. The more-than-1-inch wireless conversation will start "out of the blue" and directly between the tapped devices, making the business of an attacker really, really hard.

I'm all for implementing a cool assisted optical verification feature. But this can and should be communicated as "a gimmick for the paranoid" rather than as a necessity.

Timur

_______________________________________________
Freedombox-discuss mailing list
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss
