Hi
I'd like to know your general opinion on using a Bluetooth enabled
device (cell phone) as a smart card replacement.
I'm thinking of using a phone to automaticly unlocking e.g. my computer
screensaver when I'm nearby. The devices needs to be paired of course.
But then, how "unsafe" is this realy? Can someone else spoof my phone
and thus fooling my computer other than using some kind of brute force?
Authentication is made two-ways, right?
Best regards
/Ronny Nilsson
-------------------------------------------------------
This SF.net email is sponsored by: 2005 Windows Mobile Application Contest
Submit applications for Windows Mobile(tm)-based Pocket PCs or Smartphones
for the chance to win $25,000 and application distribution. Enter today at
http://ads.osdn.com/?ad_id=6882&alloc_id=15148&op=click
_______________________________________________
Bluez-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/bluez-users
Hi Ronny,
> > > paired of course. But then, how "unsafe" is this realy? Can someone
> > > else spoof my phone and thus fooling my computer other than using
> > > some kind of brute force? Authentication is made two-ways, right?
> >
> > this depends on how your automatic unlocking is working. If you know
> > the link key and the BD_ADDR you can spoof anything.
>
> Sure, but I was woundering how hard it is for an intruder to guess the
> link key. Of course if he sniff the traffic while doing the pairing
> with PIN he knows my code, but if he misses this pairing, then what is
> his chanses? The BD_ADDR is of course public (via a nearby scan).
>
> I haven't read the whole spec but minor parts of it. It says
> authentication can be made one-way or both-ways. Do BlueZ support both
> of these ways? Which is the most commonly used?
this all depends on. Unless you don't tell us something more about how
do you plan to realize the unlock thing this talking makes no sense. I
don't understand what you mean by one/two-way authentication. However
the Bluetooth authentication is weak if you don't enable encryption
directly afterwards.
Regards
Marcel
-------------------------------------------------------
This SF.net email is sponsored by Microsoft Mobile & Embedded DevCon 2005
Attend MEDC 2005 May 9-12 in Vegas. Learn more about the latest Windows
Embedded(r) & Windows Mobile(tm) platforms, applications & content. Register
by 3/29 & save $300 http://ads.osdn.com/?ad_id=6883&alloc_id=15149&op=click
_______________________________________________
Bluez-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/bluez-users
> > paired of course. But then, how "unsafe" is this realy? Can someone
> > else spoof my phone and thus fooling my computer other than using
> > some kind of brute force? Authentication is made two-ways, right?
>
> this depends on how your automatic unlocking is working. If you know
> the link key and the BD_ADDR you can spoof anything.
> Marcel
Sure, but I was woundering how hard it is for an intruder to guess the
link key. Of course if he sniff the traffic while doing the pairing
with PIN he knows my code, but if he misses this pairing, then what is
his chanses? The BD_ADDR is of course public (via a nearby scan).
I haven't read the whole spec but minor parts of it. It says
authentication can be made one-way or both-ways. Do BlueZ support both
of these ways? Which is the most commonly used?
Regards
/Ronny
-------------------------------------------------------
This SF.net email is sponsored by: 2005 Windows Mobile Application Contest
Submit applications for Windows Mobile(tm)-based Pocket PCs or Smartphones
for the chance to win $25,000 and application distribution. Enter today at
http://ads.osdn.com/?ad_id=6882&alloc_id=15148&op=click
_______________________________________________
Bluez-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/bluez-users
Hi Ronny,
> I'd like to know your general opinion on using a Bluetooth enabled
> device (cell phone) as a smart card replacement.
>
> I'm thinking of using a phone to automaticly unlocking e.g. my computer
> screensaver when I'm nearby. The devices needs to be paired of course.
> But then, how "unsafe" is this realy? Can someone else spoof my phone
> and thus fooling my computer other than using some kind of brute force?
> Authentication is made two-ways, right?
this depends on how your automatic unlocking is working. If you know the
link key and the BD_ADDR you can spoof anything.
Regards
Marcel
-------------------------------------------------------
This SF.net email is sponsored by: 2005 Windows Mobile Application Contest
Submit applications for Windows Mobile(tm)-based Pocket PCs or Smartphones
for the chance to win $25,000 and application distribution. Enter today at
http://ads.osdn.com/?ad_id=6882&alloc_id=15148&op=click
_______________________________________________
Bluez-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/bluez-users