<?xml version="1.0" encoding="UTF-8" ?>
<?xml-stylesheet type="text/xsl" href="https://devzone.nordicsemi.com/cfs-file/__key/system/syndication/rss.xsl" media="screen"?><rss version="2.0" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:slash="http://purl.org/rss/1.0/modules/slash/" xmlns:wfw="http://wellformedweb.org/CommentAPI/" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>Cant pair bluetooth peripheral with Secure connection and static passkey (Connect SDK)</title><link>https://devzone.nordicsemi.com/f/nordic-q-a/91401/cant-pair-bluetooth-peripheral-with-secure-connection-and-static-passkey-connect-sdk</link><description>I want to use the BLE Secure connection feature with the following options 
 
 CONFIG_BT_SMP_SC_PAIR_ONLY=y
CONFIG_BT_SMP_SC_ONLY=y
CONFIG_BT_SMP_APP_PAIRING_ACCEPT=y
CONFIG_BT_SMP_DISABLE_LEGACY_JW_PASSKEY=y
CONFIG_BT_FIXED_PASSKEY=y
 
 
 I know that</description><dc:language>en-US</dc:language><generator>Telligent Community 13</generator><lastBuildDate>Mon, 29 Aug 2022 21:59:19 GMT</lastBuildDate><atom:link rel="self" type="application/rss+xml" href="https://devzone.nordicsemi.com/f/nordic-q-a/91401/cant-pair-bluetooth-peripheral-with-secure-connection-and-static-passkey-connect-sdk" /><item><title>RE: Cant pair bluetooth peripheral with Secure connection and static passkey (Connect SDK)</title><link>https://devzone.nordicsemi.com/thread/383755?ContentTypeID=1</link><pubDate>Mon, 29 Aug 2022 21:59:19 GMT</pubDate><guid isPermaLink="false">137ad170-7792-4731-bb38-c0d22fbe4515:7e942a3f-01d9-4dbc-86b8-b785aec70ee1</guid><dc:creator>Emil Lenngren</dc:creator><description>&lt;p&gt;Yes that is a simple way to solve the security problem unwanted access to the peripheral, but will not prevent for example subsequent passive eavesdropping.&lt;/p&gt;
&lt;p&gt;If you actually have a way to generate a random passkey, derived from external inputs, then security wise that will work just as good as an ordinary random passkey. The important thing here is that the 6 digit passkey is never reused.&lt;/p&gt;&lt;div style="clear:both;"&gt;&lt;/div&gt;</description></item><item><title>RE: Cant pair bluetooth peripheral with Secure connection and static passkey (Connect SDK)</title><link>https://devzone.nordicsemi.com/thread/383754?ContentTypeID=1</link><pubDate>Mon, 29 Aug 2022 21:48:22 GMT</pubDate><guid isPermaLink="false">137ad170-7792-4731-bb38-c0d22fbe4515:0dbcb650-94e7-4eb5-b982-8ef1fc89cf98</guid><dc:creator>vcbz</dc:creator><description>&lt;p&gt;Thanks for the information, I will check it out.&lt;/p&gt;&lt;div style="clear:both;"&gt;&lt;/div&gt;</description></item><item><title>RE: Cant pair bluetooth peripheral with Secure connection and static passkey (Connect SDK)</title><link>https://devzone.nordicsemi.com/thread/383753?ContentTypeID=1</link><pubDate>Mon, 29 Aug 2022 21:40:03 GMT</pubDate><guid isPermaLink="false">137ad170-7792-4731-bb38-c0d22fbe4515:59493a02-096c-4353-8bd2-0b2eec7f51bb</guid><dc:creator>vcbz</dc:creator><description>&lt;p&gt;Yes I saw that article and that is the reason I thought of generating a passkey that only the central and peripheral know how to generate depending on external inputs which are not static.&lt;/p&gt;
&lt;p&gt;The other route as you say instead I use another characteristic that allows me to unblock the functionality of the device. E.g. Peripheral generates a random value, central must write a secret passkey dependent on this value (e.g. encryption with AES256 with a secret salt), and as Peripheral knows this salt it can check if the central encrypted the value correctly.&lt;/p&gt;&lt;div style="clear:both;"&gt;&lt;/div&gt;</description></item><item><title>RE: Cant pair bluetooth peripheral with Secure connection and static passkey (Connect SDK)</title><link>https://devzone.nordicsemi.com/thread/383752?ContentTypeID=1</link><pubDate>Mon, 29 Aug 2022 21:23:53 GMT</pubDate><guid isPermaLink="false">137ad170-7792-4731-bb38-c0d22fbe4515:deeafb69-7858-425a-9b8d-8e06e1c0c6f6</guid><dc:creator>Emil Lenngren</dc:creator><description>&lt;p&gt;You say that you are aware that using a static passkey is discouraged, but did you know that the protocol is kind of broken when static passkeys are used? Static passkeys can be brute forced in on average 10 attempts. See&amp;nbsp;&lt;a href="https://insinuator.net/2021/10/change-your-ble-passkey-like-you-change-your-underwear/"&gt;insinuator.net/.../&lt;/a&gt; for more info.&lt;/p&gt;
&lt;p&gt;Since you don&amp;#39;t follow the standard if static passkeys are used, I suggest you to switch to Just Works method. You can add some other kind of security if you like on top of GATT, which will be more secure. The absolutely simplest would be to write your &amp;quot;dynamically generated secret&amp;quot; to some characteristic.&lt;/p&gt;&lt;div style="clear:both;"&gt;&lt;/div&gt;</description></item><item><title>RE: Cant pair bluetooth peripheral with Secure connection and static passkey (Connect SDK)</title><link>https://devzone.nordicsemi.com/thread/383632?ContentTypeID=1</link><pubDate>Mon, 29 Aug 2022 09:46:48 GMT</pubDate><guid isPermaLink="false">137ad170-7792-4731-bb38-c0d22fbe4515:db50e36a-bd31-48db-9e65-e584c72fbe70</guid><dc:creator>Kenneth</dc:creator><description>&lt;p&gt;I made this 2 years back, hopefully it haven&amp;#39;t changed too much:&lt;br /&gt;&lt;a href="https://devzone.nordicsemi.com/f/nordic-q-a/69202/zephyr-ble-static-passkey-between-central-and-peripheral-on-two-nrf52840s"&gt;Zephyr BLE static passkey between central and peripheral on two nrf52840s&lt;/a&gt;&lt;/p&gt;
&lt;p&gt;Kenneth&lt;/p&gt;&lt;div style="clear:both;"&gt;&lt;/div&gt;</description></item></channel></rss>