In the Bluetooth core document, there are various Association Models, I’m trying to understand Numeric Comparison, where both devices are capable of showing a six-digit number (which I will call the PIN, although apparently they don’t like that terminology).
The paragraph in section 188.8.131.52 of v4.2 says this:
The numeric comparison serves two purposes. First, since many devices do not have unique names, it provides confirmation to the user that the correct devices are connected with each other. Second, the numeric comparison provides protection against MITM attacks
I definitely understand the user confirmation part, but how does the PIN help guard against MitM?
I think the answer lies in this paragraph:
In the Numeric Comparison association model, the six digit number is an artifact of the security algorithm and not an input to it, as is the case in the Bluetooth security model
but I have no idea what that means.
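The following is an added example (not code from the question, nor from the Bluetooth specification) that models why a number which is an output of the key agreement, rather than an input to it, detects a man in the middle. It keeps the argument layout of the spec's `f4` (nonce commitment) and `g2` (check value) functions, where a MAC keyed on one nonce runs over the two public-key x-coordinates and the other nonce, but substitutes HMAC-SHA256 from the standard library for the spec's AES-CMAC, and uses constructed 32-byte stand-ins instead of real ECDH public keys. So it reproduces the structure of the exchange, not the spec's exact values.

```python
"""Toy model of Bluetooth LE Secure Connections Numeric Comparison.

Assumptions (this is an illustration, not the spec's arithmetic):
  * HMAC-SHA256 stands in for AES-CMAC.
  * Public keys are constructed 32-byte strings, not ECDH points.
The shape follows the spec: the displayed number is derived from both
public keys and both nonces, and is never fed back into the key derivation.
"""
import hashlib
import hmac


def mac(key: bytes, msg: bytes) -> bytes:
    """Keyed MAC. The spec uses AES-CMAC; HMAC-SHA256 is a dependency-free stand-in."""
    return hmac.new(key, msg, hashlib.sha256).digest()


def f4(u: bytes, v: bytes, x: bytes, z: bytes) -> bytes:
    """Commitment: MAC_X(U || V || Z). The responder commits to nonce X before
    the initiator reveals its own nonce, so nonces cannot be chosen afterwards."""
    return mac(x, u + v + z)


def g2(u: bytes, v: bytes, x: bytes, y: bytes) -> int:
    """Check value: MAC_X(U || V || Y) mod 2^32.
    U, V = initiator/responder public-key x-coordinates; X, Y = their nonces."""
    return int.from_bytes(mac(x, u + v + y), "big") % 2**32


def numeric_value(pk_init: bytes, pk_resp: bytes, n_init: bytes, n_resp: bytes) -> int:
    """What a device actually shows: the six least significant decimal digits of g2."""
    return g2(pk_init, pk_resp, n_init, n_resp) % 1_000_000


def constructed(label: str, n: int) -> bytes:
    """Deterministic constructed bytes for keys and nonces (sample data, not real)."""
    return hashlib.sha256(label.encode()).digest()[:n]


class Party:
    """A device with a (stand-in) public key and a 128-bit pairing nonce."""

    def __init__(self, name: str):
        self.pk = constructed(name + "-pk", 32)
        self.nonce = constructed(name + "-nonce", 16)


def honest_run(alice: Party, bob: Party):
    """Direct pairing: Alice initiates, Bob responds. Returns (Alice shows, Bob shows)."""
    # Bob commits to his nonce before Alice reveals hers.
    commitment = f4(bob.pk, alice.pk, bob.nonce, b"\x00")
    # After both nonces are exchanged Alice re-computes the commitment and checks it.
    if not hmac.compare_digest(commitment, f4(bob.pk, alice.pk, bob.nonce, b"\x00")):
        raise ValueError("commitment mismatch")
    # Both sides now hold the same four inputs, so they derive the same number.
    return (numeric_value(alice.pk, bob.pk, alice.nonce, bob.nonce),
            numeric_value(alice.pk, bob.pk, alice.nonce, bob.nonce))


def mitm_run(alice: Party, bob: Party, mallory_a: Party, mallory_b: Party):
    """Mallory relays two separate pairings. Alice receives Mallory's key and
    nonce in place of Bob's; Bob receives Mallory's other key and nonce in
    place of Alice's. Because nonces are committed before the peer's nonce is
    seen, Mallory has already fixed hers when the numbers are computed."""
    alice_shows = numeric_value(alice.pk, mallory_a.pk, alice.nonce, mallory_a.nonce)
    bob_shows = numeric_value(mallory_b.pk, bob.pk, mallory_b.nonce, bob.nonce)
    return alice_shows, bob_shows


if __name__ == "__main__":
    a, b = Party("alice"), Party("bob")
    print("honest pairing:", honest_run(a, b))
    ma, mb = Party("mallory-toward-alice"), Party("mallory-toward-bob")
    print("with a relay in the middle:", mitm_run(a, b, ma, mb))
```

In the honest run both screens show the same six digits because both devices fed the same two public keys and two nonces into `g2`. With a relay in the middle each device derives its number from the key it actually received, which is Mallory's, so the two screens disagree and the users reject the pairing; the commitment step is what stops Mallory from picking nonces after the fact to force a match. The number is therefore evidence about the keys, not a secret that protects them, which is what the spec means by "an artifact of the security algorithm and not an input to it".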