On Wed, 2025-06-04 at 08:41 -0400, Luiz Augusto von Dentz wrote:

> Hmm, not so sure this is secure though, I mean it could be a rogue USB
> device pretending to be a controller so it would automatically be
> considered paired if we just self generate the keys without asking for
> user confirmation.

We can generate whatever we want, unless BlueZ will treat the key as bonded no question asked. Read on to see what I mean.

> Yeah, the zero-click bond might be a security concern though, so I
> think having the user do a confirmation for each step is sort of
> assuring he knows (or at least pretends) what is going on.

I strongly believe you only should confirm once. Especially since the first one doesn't actually pair or trust anything, instead it just creates the device record for it to be able to initiate a bonding connection to us without discoverable being on (as far as I understand it).

The painful re-re-pairing process is so strongly tied with Bluetooth in our minds, so I really don't want to further increase its awkwardness.

> When would we generate the confirmation though? I sort of trust more
> the Bluetooth process to generate and exchange keys.

That's exactly what I'd love to hear from someone, honestly :)

I see a possible solution where we trigger agent on the first connect, even though the link key is already established. It might be a special flag for the device, or even just another value in the `LinkKey.Type' field -- meaning, "key was generated by us, should reconfirm pairing".

-- 
Egor Vorontsov <sdoregor@xxxxxxxx>