On Thu, 2025-06-05 at 01:50 +0300, Egor Vorontsov wrote:
> On Wed, 2025-06-04 at 08:41 -0400, Luiz Augusto von Dentz wrote:
> > Hmm, not so sure this is secure though, I mean it could be a rogue
> > USB device pretending to be a controller so it would automatically
> > be considered paired if we just self generate the keys without
> > asking for user confirmation.
>
> We can generate whatever we want, unless BlueZ will treat the key as
> bonded no question asked. Read on to see what I mean.
>
> > Yeah, the zero-click bond might be a security concern though, so I
> > think having the user do a confirmation for each step is sort of
> > assuring he knows (or at least pretend) what is going on.
>
> I strongly believe you only should confirm once. Especially since the
> first one doesn't actually pair or trust anything, instead it just
> creates the device record for it to be able to initiate a bonding
> connection to us without discoverable being on (as far as I
> understand it).

It also modifies the controller's storage to tell it to connect to our
computer when clicking the PS button.

> The painful re-re-pairing process is so strongly tied with Bluetooth
> in our minds, so I really don't want to further increase its
> awkwardness.
>
> > When would we generate the confirmation though? I sort of trust
> > more the Bluetooth process to generate and exchange keys.
>
> That's exactly what I'd love to hear from someone, honestly :)
>
> I see a possible solution where we trigger agent on the first
> connect, even though the link key is already established. It might
> be a special flag for the device, or even just another value in the
> `LinkKey.Type' field -- meaning, "key was generated by us, should
> reconfirm pairing".