Minimum PIN code length

BR/EDR

BLE

In a pairing process that uses a Passkey (or PIN), the device either prompts the user for a numeric code or generates one automatically; the code must then be entered on both devices. Besides confirming that both devices belong to the same user, this PIN is used to generate the link key that authenticates future connections. Its length must therefore be sufficient to resist brute-force attacks.

PIN values shorter than 8 digits in BR/EDR or 6 digits in BLE are not recommended because of their low entropy. Whether the PIN is entered by the user or generated by the device, the device must ensure that it meets these minimum length requirements.

Description

To check that short PIN codes are not supported, try pairing with another device. When a number shorter than 8 digits in BR/EDR or 6 digits in BLE is entered, the device must reject it. If the device generates the PIN, it must be at least 8 digits in BR/EDR and exactly 6 digits in BLE.

If the device is not the initiator, it must reject pairing attempts that specify a PIN that is too short.

These tests can be performed with Bluetooth test devices that support PIN or Passkey authentication or using a PC with the operating system’s own tools.

Some resources related to this control are the following:

| ID | Description |
|---|---|
| BSAM-RES-04 | Bluetooth connections sniffing |
| BSAM-RES-05 | Capture of a Bluetooth connection |
| BSAM-RES-07 | Sending and receiving HCI messages |
| BSAM-RES-09 | Changing the attributes of a controller |

Example case

The security of the Bluetooth communications of a car's radio/infotainment unit is being evaluated. After verifying controls BSAM-PA-02 (Input and output capabilities), BSAM-PA-06 (Known PIN codes), and BSAM-PA-07 (Predictable PIN codes), it is concluded that the analyzed device exposes physical capabilities consistent with the available hardware, specifically a display and a YES/NO input, since there is no full keyboard. Given these input/output capabilities, the most secure authentication method available is comparing a PIN generated automatically from secure entropy sources.

To assess the security of PIN generation, verify that the PIN has a length of 6 digits. This is crucial because, when fewer digits are provided, the Bluetooth stack internally pads the entered PIN code on the left with zeros up to 6 digits, which reduces the variability of the Random Value field in the Pairing Random command.

This makes it easier to regenerate link keys and enables store-now, decrypt-later attacks.

The control FAILS if the generated PIN code does not have 6 digits.
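The acceptance rule of this control and the left-padding weakness from the example case, as an added example in Python (not BSAM's own tooling). The transport names "BR/EDR" and "BLE" as dictionary keys, and the 6-digit padding width, are assumptions made for illustration:

```python
import math
import secrets

# Minimum PIN/Passkey length per transport, as stated by this control (assumed keys).
MIN_PIN_DIGITS = {"BR/EDR": 8, "BLE": 6}
BLE_PASSKEY_DIGITS = 6  # a BLE passkey is always exactly 6 digits (000000-999999)


def pin_is_acceptable(pin: str, transport: str) -> bool:
    """Return True if `pin` meets the control's length rule for `transport`.

    A PIN that is too short must be rejected outright, never padded."""
    if transport not in MIN_PIN_DIGITS:
        raise ValueError(f"unknown transport {transport!r}")
    if not pin.isdigit():
        return False
    if transport == "BLE":
        return len(pin) == BLE_PASSKEY_DIGITS
    return len(pin) >= MIN_PIN_DIGITS[transport]


def generate_ble_passkey() -> str:
    """Device-side passkey from the OS CSPRNG; leading zeros are kept so the
    result always has 6 digits and passes pin_is_acceptable()."""
    return f"{secrets.randbelow(10 ** BLE_PASSKEY_DIGITS):06d}"


def left_padded(pin: str, width: int = BLE_PASSKEY_DIGITS) -> str:
    """Model the weak behaviour described in the example case (constructed here):
    a short PIN is silently completed with zeros on the left instead of rejected."""
    return pin.rjust(width, "0")


def effective_keyspace_bits(entered_digits: int, padded_to: int = BLE_PASSKEY_DIGITS) -> float:
    """Entropy in bits of a padded passkey: only the digits actually chosen
    contribute, so padding "1234" to "001234" still leaves a 10^4 keyspace."""
    chosen = min(entered_digits, padded_to)
    return math.log2(10 ** chosen)
```

Running the check against a stack that pads, e.g. `left_padded("1234")`, yields a value that passes the length test but carries only about 13 bits of entropy instead of about 20, which is why the control requires the device itself to enforce the 6-digit length.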