Minimum PIN code length
BR/EDR
BLE
In a pairing process with Passkey (or PIN number) the device prompts the user or automatically generates a PIN number that must be entered at both paired ends. In addition to authenticating that both devices belong to the same user, the PIN number is used to generate the link key that will authenticate the devices in future connections, so the length must be adequate to avoid brute force attacks.
PIN numbers shorter than 8 digits in BR/EDR or 6 digits in BLE are not recommended due to their weakness against brute force attacks, so whether the device requests the PIN from the user or generates it automatically, the device must verify that the length is not shorter than 8 digits in BR/EDR and equal 6 digits in BLE.
Description
To check that short PIN numbers are not supported, you can try pairing with another device. When entering a number shorter than 8 digits in BR/EDR or 6 digits in BLE the device must reject it. If the PIN is generated by the device, it must be longer than 8 digits in BR/EDR and equal 6 digits in BLE.
In case the device is not the initiator, it must reject pairing attempts that specify a PIN number that is too short.
These tests can be performed with Bluetooth test devices that support PIN or Passkey authentication or using a PC with the operating system’s own tools.
Related resources
Some resources related to this control are the following:
| ID | Description |
|---|---|
| BSAM-RES-04 | Bluetooth connections sniffing |
| BSAM-RES-05 | Capture of a Bluetooth connection |
| BSAM-RES-07 | Sending and receiving HCI messages |
| BSAM-RES-09 | Changing the attributes of a controller |
Example case
The security of the Bluetooth communications of a car’s radio/infotainment unit is being evaluated. After verifying controls BSAM-PA-02 (Input and output capabilities), BSAM-PA-06 (Known Pin Codes), and BSAM-PA-07 (Predictable PIN codes), it is concluded that the analyzed device exposes physical capabilities consistent with the available hardware, specifically a display and a YES/NO input, as there is no full keyboard. Due to these input/output capabilities, the most secure authentication method involves comparing a PIN generated through automatic methods based on secure entropy sources.
To assess the security of PIN generation, the PIN must have a length of 6 digits. This is crucial because the not provided values internally are completed upt to 6 digits by the Bluetooth toolbox with 00 on the left side of the entered Pin Code. This reduces the variability of the Random Value field in the Pairing Random command.
This simplifies the process of regenerating link passwords, enabling attacks of the store now, decrypt later type.
The check control FAIL if the generated Pin Code does not have 6 digits.
