Wi-Fi Alliance Confidential
Wi-Fi Protected Setup Specification Page 17 of 110 Version: 1.0h
assigned the same Device Password, and the Device Password MUST NOT be based on other
characteristics of the device, such as MAC address or serial number.
Headless Devices
Headless devices (i.e., those without a display) are required by Wi-Fi Protected Setup to include an 8-
digit device password called a PIN (A PIN on a headless device is typically printed on a sticker or
otherwise physically inscribed on the device). The PIN value of a headless device must also be
configured into the device itself. This would typically be done during the manufacturing process.
PIN-based device passwords are the basic security level for Wi-Fi Protected Setup. Since one of the
digits in the PIN is used as a checksum, the PIN contains approximately 23 bits of entropy. This in itself
is not the biggest limitation, however. The biggest limitation is that this PIN may be a fixed value (when
it is on a label). Because a fixed PIN value is very likely to be reused, it is susceptible to active attack.
The protocol permits a user to override the default device password with a new value, which can help
security-conscious users reduce this vulnerability.
Probably the most significant class of headless devices in a WLAN is the AP itself. If possible, an AP
should generate and display a fresh PIN for establishing external Registrars each time the Registration
Protocol is run in the initial AP setup mode. However, if a sticker-based PIN is used, the AP should track
multiple failed attempts to authenticate as an external Registrar and then enter a lock-down state (This
state is signified by setting the attribute AP Setup Locked to TRUE).
In this state, the AP MUST refuse to run the Registration Protocol in initial AP setup mode (with the AP
acting as an Enrollee) with any external Registrars. This technique protects the AP’s PIN against brute
force attack by an attacker posing as a new external Registrar. During the AP Setup Locked state, it is
still possible to add new Enrollee devices to the WLAN, but it is not possible to add new external
Registrars using the AP’s PIN. The AP Setup Locked state can be reset to FALSE through the
SetAPSettings action (The SetAPSettings action can only be invoked by a previously authorized external
Registrar) or through some other AP-specific method. The AP may include, for example, a way to reset
this state using the AP’s administrative Web page. It is up to the AP implementation to decide when to
enter the AP Setup Locked state.
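
The lock-down behaviour described above, sketched in C as an added example (not code from the specification or from any AP vendor). The threshold of three failures, the cumulative counting, and all identifiers are assumptions, since the specification leaves the trigger to the AP implementation.

```c
#include <stdbool.h>
#include <stdio.h>

/* Assumed policy: the specification leaves the lock-down trigger to the AP. */
#define MAX_REGISTRAR_FAILURES 3

enum wps_request { WPS_ADD_ENROLLEE, WPS_NEW_EXTERNAL_REGISTRAR };

struct wps_ap_state {
    unsigned failed_registrar_attempts; /* failures against the sticker PIN */
    bool ap_setup_locked;               /* advertised as AP Setup Locked */
};

/* Locked state refuses only initial AP setup mode (AP acting as Enrollee). */
bool wps_request_allowed(const struct wps_ap_state *s, enum wps_request r)
{
    return r == WPS_ADD_ENROLLEE || !s->ap_setup_locked;
}

/* Record one external Registrar authentication result. Failures are
 * cumulative (assumed choice): a success does not clear the counter, so
 * guesses cannot be spread between legitimate runs. */
void wps_record_registrar_attempt(struct wps_ap_state *s, bool authenticated)
{
    if (s->ap_setup_locked || authenticated)
        return;
    if (++s->failed_registrar_attempts >= MAX_REGISTRAR_FAILURES)
        s->ap_setup_locked = true;
}

/* SetAPSettings path: only a previously authorized Registrar clears the lock. */
bool wps_reset_lock(struct wps_ap_state *s, bool caller_previously_authorized)
{
    if (!caller_previously_authorized)
        return false;
    s->failed_registrar_attempts = 0;
    s->ap_setup_locked = false;
    return true;
}

int main(void)
{
    struct wps_ap_state ap = {0, false};
    for (int i = 0; i < 5; i++) {   /* constructed run of failed attempts */
        if (wps_request_allowed(&ap, WPS_NEW_EXTERNAL_REGISTRAR))
            wps_record_registrar_attempt(&ap, false);
        printf("attempt %d: locked=%d\n", i + 1, ap.ap_setup_locked);
    }
    printf("enrollee allowed=%d\n", wps_request_allowed(&ap, WPS_ADD_ENROLLEE));
    return 0;
}
```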
In addition to the PIN method, headless devices may implement the push button configuration (PBC)
method (Devices with richer UIs may also optionally implement the PBC method). The PBC method has
zero bits of entropy and protects only against passive eavesdropping attacks. The PBC method
should only be used if no PIN-capable Registrar is available and the WLAN user is willing to accept the
security risks associated with PBC.
Although the security properties of these methods are weaker than the other options, they are included in
this specification to accommodate devices without displays or other out-of-band channels.
Devices with Displays
If an Enrollee device is capable of displaying either four or eight numeric digits, it is required to generate
a fresh device password each time it runs the Registration Protocol. This has two significant advantages.
First, because the password is single-use, it is not susceptible to the brute force attack described above.
Second, it is simpler to manufacture devices that dynamically generate keys than to have them pre-
configured and printed on stickers at the factory. There is also no risk that a display will fall off or get
lost, which is possible with a sticker. Devices with displays may display either 4 or 8 digit PINs. The last
digit of an 8-digit PIN is a checksum of the first 7 digits. Section 6.4.1 specifies how the checksum is
generated. Four-digit PINs do not include a checksum digit.
Devices with NFC or USB
If the Registrar supports the same out-of-band channel as the Enrollee, that channel can be used to deliver
strong device passwords (such as 256 bit random values) to the Registrar. The hash of the Enrollee’s