Diary of a geek

November 2006
Mon Tue Wed Thu Fri Sat Sun

Andrew Pollock


Other people's blogs


RSS feed

Contact me

JavaScript required

Sunday, 05 November 2006

Just how secure are Bluetooth keyboards?

I'd like to get a Bluetooth keyboard for my MythTV machine. It'd be more convenient to drive it from the couch instead of crouching down in front of the TV on the existing USB keyboard.

Thing is, I'm paranoid about typing passwords over the air. Most of the wireless keyboards at Fry's are either IR (I'd be happy with this apart from the line-of-sight requirement) or running on some 27Mhz frequency I've never heard of, and so am rather wary of.

I'm assuming Bluetooth will be a little more secure given that it supposedly encrypts the communication, but I'm trying to determine how flawed or not that encryption is. This article was an interesting read, but didn't really address any of the cryptography involved.

It suggests that if I don't leave everything discoverable (which I wouldn't) and attackers aren't able to narrow their search space by knowing what sort of keyboard I have (which I'm guessing they could sniff anyway) that just sequentially searching the Bluetooth MAC address space would take over 1000 days.

So I'm assuming that if the keyboard is in use, then its MAC address is going to be known, so the question comes back around to the strength of the encryption...

Apple's website says it's 128-bit.

I guess I could get the gear and do some investigating myself, but I'm hardly a l33t h4x0r, so my self-penetration test would hardly be as comprehensive as being under attack from someone who was.

[11:06] [tech/security] [permalink]