https://devzone.nordicsemi.com/f/nordic-q-a/13659/can-private-address-be-used-to-stop-connectionHi, I&#39;ve read the BT specs covering addressing several times and still don&#39;t really understand how private addresses work in real life. Lets say my peripheral starts out with no IRKs stored and has never been bonded. During user setup, a known centralen-USTelligent Community 13Thu, 05 May 2016 02:22:00 GMThttps://devzone.nordicsemi.com/thread/52190?ContentTypeID=1Thu, 05 May 2016 02:22:00 GMT137ad170-7792-4731-bb38-c0d22fbe4515:c610c724-b6c4-4ee0-8682-a0e187524f61RK<p>If you have the additional step that someone has sniffed a whitelisted device getting connected then yes you can replay the address and get as far as connection. That&#39;s true of any address type, resolvable private addresses aren&#39;t about security, they are about privacy.</p> <p>Your second question doesn&#39;t make so much sense. You wouldn&#39;t usually share an IRK, an IRK is an identity and is coupled with all the encryption keys for that identity, you don&#39;t want two things to look like the same thing. You could if you wanted, but it wouldn&#39;t be usual. If you&#39;re asking how, after you bond with one device and move into a whitelist-only connection mode you can bond with a second one; either you drop the whitelisting, bond, then restart it with them both whitelisted, or you write something complicated to pass keys through the bonded device to add a second one.</p><div style="clear:both;"></div>https://devzone.nordicsemi.com/thread/52189?ContentTypeID=1Thu, 05 May 2016 02:06:04 GMT137ad170-7792-4731-bb38-c0d22fbe4515:9670f884-b2d0-40ba-ab9f-2edc61adbdffandrewjfox<p>How does a new, legitimate, central bond with the device, if it&#39;s previously bonded with another central? Is there a way of 2 centrals sharing the IRKs so the new central can also connect to the peripheral?</p><div style="clear:both;"></div>https://devzone.nordicsemi.com/thread/52188?ContentTypeID=1Thu, 05 May 2016 01:45:59 GMT137ad170-7792-4731-bb38-c0d22fbe4515:a7b520e3-c7de-4488-a404-88f8c6a98df4andrewjfox<p>But if someone is eavesdropping and they see what address is trasmitted, when they want to connect can&#39;t they just echo the same address. Even if it&#39;s encrypted, the final result will match the entry in the whitelist, or do I have this wrong</p><div style="clear:both;"></div>https://devzone.nordicsemi.com/thread/52187?ContentTypeID=1Thu, 05 May 2016 01:30:43 GMT137ad170-7792-4731-bb38-c0d22fbe4515:0262d53c-8313-48e1-afea-1339b97d1608RK<p>If you don&#39;t have the IRK you can&#39;t try to spoof the address, the private resolvable address is made up of a random part plus the same random part encrypted with the IRK.</p> <p>If the peripheral is set up only to accept connections from whitelisted peers then it will deny connection from anything not on the list. If that list contains some resolvable private addresses, ie basically IRKs as that&#39;s the important part, it will deny connection to any resolvable private address it sees which was not constructed using an IRK in that list.</p><div style="clear:both;"></div>