Unencrypted keyboard allows password visibility

If a keyboard remote device does not initially require encryption during
initial ACL connection, then passwords (or other initial input) may be
transmitted unencrypted.

The main problem is that the input server does not force link encryption
until *after* both the ctrl and intr l2cap channels are connected. This
will allow the remote device to begin transmitting unencrypted hid input
reports -- which is often a password!

Inquiring minds can review hidp_add_connection() in input/device.c for
details.

However, before I submit a patch, is the device class from the sdp/hid
record preferable to the l2cap socket device class (via btio)?

Regards,
Peter
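
The ordering problem described in the message above, as an added example that is not part of the original post and is not BlueZ code: a small C model that replays a constructed event trace through two gating policies and counts the HID input reports that reach the host while the link is still unencrypted. The event names, policy names and trace are assumptions made for this illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Model only: these names are assumptions for the example, not BlueZ identifiers. */
enum hid_event { CTRL_CONNECTED, INTR_CONNECTED, ENCRYPTION_ON, INPUT_REPORT };
enum gate_policy {
    GATE_AFTER_CHANNELS, /* encryption forced only after both channels are up */
    GATE_BEFORE_INPUT    /* hardened: no report accepted on an unencrypted link */
};
struct replay_result {
    size_t cleartext_delivered; /* reports passed up while the link was clear */
    size_t dropped;             /* reports refused by the gate */
    size_t encrypted_delivered; /* reports passed up on an encrypted link */
};

/* Replay events in arrival order and classify every input report. */
struct replay_result replay(enum gate_policy policy,
                            const enum hid_event *trace, size_t n)
{
    struct replay_result r = {0, 0, 0};
    bool intr = false, encrypted = false;

    for (size_t i = 0; i < n; i++) {
        switch (trace[i]) {
        case CTRL_CONNECTED: break;
        case INTR_CONNECTED: intr = true; break;
        case ENCRYPTION_ON:  encrypted = true; break;
        case INPUT_REPORT:
            if (!intr) break; /* no interrupt channel yet: nothing can arrive */
            if (encrypted) r.encrypted_delivered++;
            else if (policy == GATE_BEFORE_INPUT) r.dropped++;
            else r.cleartext_delivered++;
            break;
        }
    }
    return r;
}

/* Constructed trace: three reports arrive before encryption is switched on. */
const enum hid_event sample_trace[] = {
    CTRL_CONNECTED, INTR_CONNECTED, INPUT_REPORT, INPUT_REPORT, INPUT_REPORT,
    ENCRYPTION_ON, INPUT_REPORT
};
const size_t sample_len = sizeof(sample_trace) / sizeof(sample_trace[0]);

int main(void)
{
    struct replay_result a = replay(GATE_AFTER_CHANNELS, sample_trace, sample_len);
    struct replay_result b = replay(GATE_BEFORE_INPUT, sample_trace, sample_len);
    printf("after-channels: %zu clear; before-input: %zu clear, %zu dropped\n",
           a.cleartext_delivered, b.cleartext_delivered, b.dropped);
    return 0;
}
```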