[BRLTTY] What shall we do with bluetooth passkeys?
Jason White
jasonw at ariel.its.unimelb.edu.au
Thu Nov 16 19:11:07 EST 2006
On Thu, Nov 16, 2006 at 07:29:09AM -0500, Dave Mielke wrote:
> second is if it's
> sufficiently secure for a user to put his PIN in a general data file like
> brltty.conf or if it's ultimately better to just let Bluetooth hide it away
> somewhere and somehow.
Perhaps it would be better for a parameter in brltty.conf to specify the name
of the file where the pin is stored. That file could then be owned by root
with permissions 600, for example. Alternatively, just establish a standard
name/location for the pin file, configurable at compile-time.
Of course, anybody who gains root access will be able to read the pin, but
this is inevitable in that the information cannot be encrypted (the
application needs the original value), and it has to be stored somewhere.
More information about the BRLTTY
mailing list