[security] Introducing signing support to MySensors
-
@ahmedadelhosni
We lock the atsha to make sure it can't be readable.
It does not matter that samd supports locking or not. The atmega328p does not. For now, we have a security scheme that supports any target, so we have to have a system that works for all.
For MySensors v3, an entirely new security scheme is under consideration. But it will mean dropping support for the atmga328p as it is not powerful enough.
As for what others do, I suggest you ask them :)
Security can be implemented in many ways. Each with drawbacks and benefits. The one currently in use is a scheme that can work on basically any target with reasonable security and performance. It has drawbacks, yes, but at the time of implementation, these were considered acceptable.
For the future, more sophisticated schemes can be used which are easier to use, arguably more secure but more complex in terms of computational power and protocol. The core team is investigating various solutions.@Anticimex said in [security] Introducing signing support to MySensors:
For MySensors v3, an entirely new security scheme is under consideration. But it will mean dropping support for the atmga328p as it is not powerful enough.
Eeekk... Does that mean any nodes based on the pro-mini etc will no longer work with v3.0 signing? Or will there be backwards compatibility to still use these with ATSHA204 as we do today?
-
@Anticimex said in [security] Introducing signing support to MySensors:
For MySensors v3, an entirely new security scheme is under consideration. But it will mean dropping support for the atmga328p as it is not powerful enough.
Eeekk... Does that mean any nodes based on the pro-mini etc will no longer work with v3.0 signing? Or will there be backwards compatibility to still use these with ATSHA204 as we do today?
@skywatch The security solution known as "signing" and "encryption" today will still be available in v3, but will then be referred as "legacy" signing. It will be considered obsolete and only bugfixing will take place, but it will still be supported. Also for the current newer devices, but it might not be ported to upcoming platforms with higher performence.
-
That was a fast reply! :) - Thank you, at least I can carry on building now :)
Where are the latest docs for signing and encryption for ver 2.2.0-rc.1? A few links on the site no longer work and I am having trouble finding what to do (eg HW signing, attach ATSHA204 like this, then do this, then do the other thing and in your sketch do this etc.....) You get the idea! ;)
-
That was a fast reply! :) - Thank you, at least I can carry on building now :)
Where are the latest docs for signing and encryption for ver 2.2.0-rc.1? A few links on the site no longer work and I am having trouble finding what to do (eg HW signing, attach ATSHA204 like this, then do this, then do the other thing and in your sketch do this etc.....) You get the idea! ;)
-
Wouldn't you believe it? - I just found this....
https://www.mysensors.org/apidocs-beta/group__MySigninggrpPub.html
-
Just had a quick look and that is a good explaination and example code too - This should be on the main site as it is much clearer and more user friendly than the current content.... Just my 0.02€
-
No problems. I have enough to learn a lot from now! :)
Just curious though as to what would be replacing the AT328p for v3.0 and signing and encryption - thinking to maybe order some now and get used to them..... Raspberry pi zeros everywhere or ...?
-
No problems. I have enough to learn a lot from now! :)
Just curious though as to what would be replacing the AT328p for v3.0 and signing and encryption - thinking to maybe order some now and get used to them..... Raspberry pi zeros everywhere or ...?
-
@alowhum progress on that is best viewed here: https://github.com/mysensors/MySensors/issues/1118
Progress is quite slow at the moment because I am busy with other things of personal nature, like buying a house and moving into it, so don't expect much to happen this year (unless anyone would like to help out :))
