https://devzone.nordicsemi.com/f/nordic-q-a/34162/does-static-passkey-provide-mitm-protection-after-ble4-2BLUETOOTH SPECIFICATION Version 5.0 | Vol 3, Part H page 2321 Figure 2.4 According to the figure, if an eavesdrop device exists in the pairing process, it is easy to obtain Cai, Nai, PKA, and PKb. It should not be difficult to obtain rai, and thusen-USTelligent Community 13Mon, 14 May 2018 14:37:54 GMThttps://devzone.nordicsemi.com/thread/131914?ContentTypeID=1Mon, 14 May 2018 14:37:54 GMT137ad170-7792-4731-bb38-c0d22fbe4515:0218b559-665f-4b65-b9bc-4fad43fa193aStayhungry<p>Thanks, Mttrinh.&nbsp;Great answer</p><div style="clear:both;"></div>https://devzone.nordicsemi.com/thread/131911?ContentTypeID=1Mon, 14 May 2018 14:30:17 GMT137ad170-7792-4731-bb38-c0d22fbe4515:249d5670-5f48-4eb4-b070-b23267d66615Mttrinh<p>Sorry, what I meant was that it is a low probabilty to guess the passkey,&nbsp;so for brute-force guesser it will take some time to connect to a device. For eavesdroppers, who can sniff the static passkey pairing transmission between two devices, it won&#39;t be difficult to get a hold of the passkey. So it is&nbsp;like you said once the static passkey is known it won&#39;t be secure at all.&nbsp;</p> <p>Static passkey&nbsp;will only help you avoid that users connect to the wrong device in a multi-device environment.&nbsp;If you need protection against MITM-attacks, you should use a random passkey with a display.</p><div style="clear:both;"></div>https://devzone.nordicsemi.com/thread/131893?ContentTypeID=1Mon, 14 May 2018 13:28:36 GMT137ad170-7792-4731-bb38-c0d22fbe4515:0d2a8199-5b10-4b3f-8568-8166b4ca24d2Stayhungry<p>Just like Turbo J said, the MitM has all that is needed to perfectly fake the device once the static password is known.</p> <p>As I said in&nbsp;the question, getting a static passkey doesn&#39;t seem to be difficult, just need a sniffer ?</p> <p>So I think the static passkey cannot provide MITM protection. But there are many static passkey usages in the community, but I don&#39;t understand what the purpose of doing so is.</p><div style="clear:both;"></div>https://devzone.nordicsemi.com/thread/131888?ContentTypeID=1Mon, 14 May 2018 13:16:55 GMT137ad170-7792-4731-bb38-c0d22fbe4515:c09b00fe-fea0-4745-8a32-73af8a345e9cTurbo J<p>Why the &quot;low probability&quot;? The MitM has all that is needed to perfectly fake the device once the static password is known.</p> <p></p> <p>This is the&nbsp;<strong>worst case</strong> - software allows setting mitm bit but is actually <strong>not</strong> mitm- safe.</p><div style="clear:both;"></div>https://devzone.nordicsemi.com/thread/131882?ContentTypeID=1Mon, 14 May 2018 12:55:18 GMT137ad170-7792-4731-bb38-c0d22fbe4515:4e8ec90a-0c90-43c8-b89a-fed5b44d11b6Mttrinh<p>Hi,</p> <p>You will be able to get &quot;MITM protection&quot; when using static passkey, it&#39;s just that it isn&#39;t totally secure from MITM attacks. It&nbsp;is a relatively low probability for success.</p><div style="clear:both;"></div>