Possible securiy breach in ESPS.
-
Not sure if you guys watch or follow Kevin Darrah on YouTube but he found a way to clone the flash of the ESP, including wifi settings.
How To Read from ESP32 - CLONE/BACKUP Everything
He promised to post a follow up, with how to decrypt your flash.
-
I do not think it is a security breach, because ESP32 has AES256 encryption for flash data, if enabled.
https://docs.espressif.com/projects/esp-idf/en/latest/esp32/security/flash-encryption.html
-
@alexelite they do not, however, state exactly which variant of AES they use. If they do not generate an initialization vector and are not using some block chaining variant, AES is quite weak.
-
@Anticimex said in Possible securiy breach in ESPS.:
@alexelite they do not, however, state exactly which variant of AES they use. If they do not generate an initialization vector and are not using some block chaining variant, AES is quite weak.
thanks my issue has been fixed.
-
@Anticimex said in Possible securiy breach in ESPS.:
@Anticimex
AES is quite weak.Probably why the NSA/CIA/FBI etc all recommended it!
-
@Anticimex Don't think they use have encryption. It's just not powerful enough for that
-
@TheoL AES is not complicated to implement in hardware and the docs suggest they have it but the technical detail is low.
-
@skywatch are you implying they recommend AES without an IV or block chaining enhancement? I don't think so
-
@Anticimex No, I am saying that they already had a way to get AES data so that is why rhey promoted it for use generally. They are always way ahead of what we are allowed to have!
-
@skywatch that depend on the key size you choose, and how you deploy the implementation (like block chaining and random initialization).
Symmetric ciphers are even quite secure in the quantum world given large enough key sizes.
-
@Anticimex Surely in a quantum environment a key size is irrelevant?
-
@skywatch not really, depending on the algorithm
Suggested Topics
-
Over the air updates
General Discussion • 23 Mar 2014, 21:38 • ToSa 1 Mar 2015, 11:21 -
hlk-pm01 are to noisy for rfm69?
Hardware • 5 Aug 2023, 21:16 • Tmaster 9 Aug 2023, 16:28 -
Sensors and more
Hardware • 19 Jun 2023, 00:41 • Robert Leverett 19 Jun 2023, 00:41 -
Sensor to detect marijuana vape/smoke
Hardware • 21 Jan 2025, 06:36 • Hellmark 25 Feb 2025, 20:56 -
Sleep mode for bmp280
Hardware • 20 Feb 2018, 13:24 • fishermans 5 Feb 2024, 18:30 -
Best VOC sensor for detecting a wide range of VOC's?
Hardware • 26 Oct 2023, 23:59 • NeverDie 18 Nov 2023, 01:41
