difference between encryption with personalization and simple password
-
^ Well, there is the man, right there (Anticimex). ^ :)
You are in much better hands now, I will go back to trying to follow along and learn, as most of that reply still went over my head. :D
@TRS-80 well thanks :) the condensed answer is, use personalization if you can, as that is more private than the simple password flag. And if you plan to use OTA, dualoptiboot is the safest approach to leverage mysensors library features such as signing and encryption.
-
@Anticimex is there a way to use both methods in one network? So to personalize nodes with the AES key (0x12; 0x34; 0x56; 0x00;...) and use SIMPLE_PASSWD "123456" (or some other derivativ)?
-
wow... to be honest I didn't expected it to be so easy... what flags are those "under the hood" settings?
-
@Anduril said in difference between encryption with personalization and simple password:
#define MY_RFM69_ENABLE_ENCRYPTION
@Anticimex
Interesting, I'm going to make a remote control for my gate with an RFM69HCW, obviously I don't want the signal to be sniffed and copied.I am new to MySensors, Is :
#define MY_RFM69_ENABLE_ENCRYPTION #define MY_SECURITY_SIMPLE_PASSWD "testpass"is simply enough?
What to add if not secure enough? -
@Anduril said in difference between encryption with personalization and simple password:
#define MY_RFM69_ENABLE_ENCRYPTION
@Anticimex
Interesting, I'm going to make a remote control for my gate with an RFM69HCW, obviously I don't want the signal to be sniffed and copied.I am new to MySensors, Is :
#define MY_RFM69_ENABLE_ENCRYPTION #define MY_SECURITY_SIMPLE_PASSWD "testpass"is simply enough?
What to add if not secure enough?@SuperNinja if memory serves me, you only need the simple flag. You can read more in the doxygen site: https://www.mysensors.org/apidocs/group__SecuritySettingGrpPub.html
-
@SuperNinja you only need
#define MY_SECURITY_SIMPLE_PASSWD "testpass". The other one would be needed for encryption wih personalization (so keys saved in eeprom or atsha-chip)@Anticimex is there a way to give the
SIMPLE_PASSWDin hex? As far as I understand the AES key in the personalizer sketch is a hex and the password in sketch would be ASCII. Therefor even if looking identical they would not match. Or do I have to create a password first and convert that to hex to be used in personalization... -
@SuperNinja you only need
#define MY_SECURITY_SIMPLE_PASSWD "testpass". The other one would be needed for encryption wih personalization (so keys saved in eeprom or atsha-chip)@Anticimex is there a way to give the
SIMPLE_PASSWDin hex? As far as I understand the AES key in the personalizer sketch is a hex and the password in sketch would be ASCII. Therefor even if looking identical they would not match. Or do I have to create a password first and convert that to hex to be used in personalization...@Anduril I do not thing there is a limitation as long as the value of the define is in legal c code initializer format. The preprocessor will "paste" your define where it is mentioned so you can search the code for it to see where it is used. I do not recall there being any logic that assume ascii in the define.
-
In the past, I did several tests about signing and encryption.
The results and my thoughts, you can find them here: https://forum.mysensors.org/topic/10382/security-signing-messages-and-encryption-of-messages-a-guide-or-more-a-summary-of-my-tests?_=1604220215583
Maybe it can help :-) -
In the past, I did several tests about signing and encryption.
The results and my thoughts, you can find them here: https://forum.mysensors.org/topic/10382/security-signing-messages-and-encryption-of-messages-a-guide-or-more-a-summary-of-my-tests?_=1604220215583
Maybe it can help :-)@Anticimex , @Anduril Thanks for this response
@evb great job, here is an easy to understand summary for beginners like me. Thanks
