Legacy Pairing


BLE 4.0/4.1 pairing method vulnerable to passive eavesdropping, superseded by LE Secure Connections.

Also known as: LE Legacy Pairing

What Is Legacy Pairing?

Legacy Pairing is the original BLE key-exchange method defined in Bluetooth 4.0 and 4.1. It uses a Temporary Key (TK) derived from the chosen association model to generate a Short Term Key (STK), which encrypts the link during key distribution. While functional, Legacy Pairing has a well-documented vulnerability to passive eavesdropping that led to its replacement by LE Secure Connections (LESC) in Bluetooth 4.2.

How It Works

The Legacy Pairing flow proceeds as follows:

  1. Feature Exchange -- devices exchange I/O capabilities, determining the association model (Just Works, Passkey Entry, or OOB).
  2. TK Generation -- the TK is derived from the association model. For Just Works, TK is 0. For Passkey Entry, TK is the 6-digit passkey zero-padded to 128 bits.
  3. Confirm/Random Exchange -- both devices generate random values and exchange cryptographic confirmations (Mconfirm/Mrand, Sconfirm/Srand) to verify they share the same TK.
  4. STK Calculation -- both devices compute the STK from the TK and the exchanged random values using AES-128.
  5. Encryption -- the link is encrypted with the STK.
  6. Key Distribution -- the LTK, IRK, and other keys are distributed over the encrypted link.

The Eavesdropping Vulnerability

The fundamental weakness is that the TK has very low entropy. For Just Works, it is literally zero. For Passkey Entry, the 6-digit keyspace contains only 1,000,000 values. An attacker who records the entire pairing exchange can exhaustively test all possible TK values against the captured Confirm/Random values, recover the STK, decrypt the key distribution phase, and extract the LTK. With the LTK, the attacker can decrypt all future communications on that bond. This attack is entirely passive -- the attacker needs only a BLE sniffer.
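The feature-exchange step above and the TK keyspace it implies can be checked mechanically. The following is an added example, not code from this glossary or from any BLE stack: it parses the SMP Pairing Request/Response PDUs, applies the legacy association-model rules, and reports how large the TK keyspace is, which is what a defender auditing captured pairings in their own fleet wants to know. The sample PDU bytes are constructed for illustration.

```python
# Added example, not from the original page: parse SMP Pairing Request (0x01) and
# Pairing Response (0x02) PDUs and report the Legacy Pairing model and TK keyspace.
from collections import namedtuple

PairingPdu = namedtuple("PairingPdu", "code io_cap oob auth_req max_key init_kd resp_kd")
IO_CAPS = {0x00: "DisplayOnly", 0x01: "DisplayYesNo", 0x02: "KeyboardOnly",
           0x03: "NoInputNoOutput", 0x04: "KeyboardDisplay"}
AUTHREQ_MITM = 0x04  # AuthReq bit 2: MITM protection requested
AUTHREQ_SC = 0x08    # AuthReq bit 3: LE Secure Connections supported
TK_KEYSPACE = {"Just Works": 1, "Passkey Entry": 10**6, "OOB": 2**128}

def parse_pairing_pdu(pdu: bytes) -> PairingPdu:
    """SMP Pairing Request/Response: 1-byte code followed by six 1-byte fields."""
    if len(pdu) != 7 or pdu[0] not in (0x01, 0x02):
        raise ValueError("not a 7-byte SMP Pairing Request/Response PDU")
    if pdu[1] not in IO_CAPS:
        raise ValueError(f"reserved IO capability value 0x{pdu[1]:02x}")
    return PairingPdu(*pdu)

def legacy_association_model(req: PairingPdu, rsp: PairingPdu) -> str:
    """Legacy Pairing model selection (Core Spec Vol 3, Part H, 2.3.5.1)."""
    if req.oob and rsp.oob:               # both sides hold OOB data
        return "OOB"
    if not (req.auth_req & AUTHREQ_MITM) and not (rsp.auth_req & AUTHREQ_MITM):
        return "Just Works"               # no MITM protection requested: IO caps ignored
    caps = {IO_CAPS[req.io_cap], IO_CAPS[rsp.io_cap]}
    if "NoInputNoOutput" in caps:
        return "Just Works"
    if caps & {"KeyboardOnly", "KeyboardDisplay"}:
        return "Passkey Entry"            # one side can type what the other shows
    return "Just Works"                   # display-only pairs cannot do passkey in legacy

def assess_pairing(req_bytes: bytes, rsp_bytes: bytes) -> dict:
    """Classify a captured pairing by the TK keyspace an eavesdropper must search."""
    req, rsp = parse_pairing_pdu(req_bytes), parse_pairing_pdu(rsp_bytes)
    if req.auth_req & AUTHREQ_SC and rsp.auth_req & AUTHREQ_SC:
        return {"pairing": "LE Secure Connections", "model": None, "tk_keyspace": None}
    model = legacy_association_model(req, rsp)
    return {"pairing": "Legacy", "model": model, "tk_keyspace": TK_KEYSPACE[model]}

# Constructed sample PDUs: code, IO cap, OOB flag, AuthReq, max key size, init/resp key dist.
JUST_WORKS = (bytes([0x01, 0x03, 0x00, 0x01, 0x10, 0x00, 0x01]),
              bytes([0x02, 0x03, 0x00, 0x01, 0x10, 0x00, 0x01]))
PASSKEY = (bytes([0x01, 0x04, 0x00, 0x05, 0x10, 0x00, 0x01]),
           bytes([0x02, 0x00, 0x00, 0x05, 0x10, 0x00, 0x01]))
OOB = (bytes([0x01, 0x03, 0x01, 0x05, 0x10, 0x00, 0x01]),
       bytes([0x02, 0x03, 0x01, 0x05, 0x10, 0x00, 0x01]))
SECURE = (bytes([0x01, 0x04, 0x00, 0x0D, 0x10, 0x00, 0x01]),
          bytes([0x02, 0x00, 0x00, 0x0D, 0x10, 0x00, 0x01]))
```

Running `assess_pairing(*JUST_WORKS)` reports a TK keyspace of 1, while `assess_pairing(*OOB)` reports 2**128, which is the gap the mitigation section below relies on.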

When Legacy Pairing Is Still Used

Despite its weaknesses, Legacy Pairing remains in production for several reasons:

  • Hardware constraints -- some older or ultra-low-cost SoCs lack the P-256 elliptic curve hardware required for LESC.
  • Backward compatibility -- devices must interoperate with Bluetooth 4.0/4.1 peers that do not support LESC.
  • Low-security applications -- products where the threat model does not include eavesdropping (e.g., a toy or non-sensitive sensor) may accept the risk.

Mitigation Strategies

If Legacy Pairing cannot be avoided, use OOB Pairing to exchange a 128-bit random TK through an out-of-band channel (NFC tap, QR code). This raises the brute-force difficulty from trivial to computationally infeasible. Alternatively, implement application-layer encryption on top of the BLE link to protect sensitive data independently of the pairing method.
