Installation Code Format#

While Zigbee smart energy networks allow the installation code to be comprised of either 6-, 8-, 12-, or 16-byte random, hexadecimal number with a 2-byte CRC appended to the end, Zigbee 3.0 (Z3) networks specifically require 16-byte hexadecimal installation codes, also accompanied by a 2-byte CRC. Note that the CRC16 should be delivered to the user in little endian byte order, as this is what is expected when the code is entered into the device that performs the AES-MMO hash algorithm. As far as the user is concerned, the CRC is part of the installation code and they do not need to know that it is there or why. Therefore, from the user’s point of view, the length of the install code is 18 bytes (with potentially 8-, 10-, or 14-byte variants possible in ZSE devices).

Manufacturing and managing the list of installation codes will play a part in choosing the size, security, and user experience in installing the device. A larger installation code size will mean less of a chance of an attacker "guessing" the installation code and eavesdropping on the initial join. However, smaller installation code is much easier for a user to read off the device during installation.

Note: The Zigbee 3.0 Base Device Behavior Specification requires that you only use a 16-byte installation code. While this may be more difficult to enter, it provides sufficient strength against an attacker from guessing the installation code and gaining unauthorized access to network or device.