[security] Migrating from library version 2.1 to 2.2
-
Hey @Anticimex, thanks for the reply.
The simple version is really great, don't get me wrong. Absolutely great usability!
The reason I would like a non-signing option is that it saves a lot of ram. By only using encryption it should be possible to continue using Arduino Nano's as nodes.
I tried using the MY_SIGNING_SIMPLE_PASSWD option on my Nano's, and the result was that most of my sketches became too big or unstable.
There just isn't enough space/ram for both hardcore security and sensor libraries.
Thanks for explaining that I might be able to 'criple' the MY_SIGNING_SIMPLE_PASSWD option. I would suggest that this 'crippling' could perhaps become a feature in itself called "MY_ENCRYPTION_SIMPLE_PASSWD (without the signing).
@alowhum I will consider it for 2.2.1. But I also need to mind the complexity of the overall functionality. I don't want the security solution to grow more into a beast than it already is.
The functionality you seek is really simple to implement. But gives even more options for a user to decide on. And although that is for some a great thing it is not for everyone.
I will see if I can somehow structure the documentation to outline all the configuration settings and try to give each a elaborate description on pros and cons. -
Hey @Anticimex, thanks for the reply.
The simple version is really great, don't get me wrong. Absolutely great usability!
The reason I would like a non-signing option is that it saves a lot of ram. By only using encryption it should be possible to continue using Arduino Nano's as nodes.
I tried using the MY_SIGNING_SIMPLE_PASSWD option on my Nano's, and the result was that most of my sketches became too big or unstable.
There just isn't enough space/ram for both hardcore security and sensor libraries.
Thanks for explaining that I might be able to 'criple' the MY_SIGNING_SIMPLE_PASSWD option. I would suggest that this 'crippling' could perhaps become a feature in itself called "MY_ENCRYPTION_SIMPLE_PASSWD (without the signing).
I did have same issues, with new version, when was in testing stage.
Try at the top of sketch add these:
#define MY_DISABLE_SIGNAL_REPORT #define MY_SPLASH_SCREEN_DISABLEDYou save a lot of space. All my nodes are on ATMEGA328 and no space issues. Max node with signing + encryption + relay + temp uses 67% of space
-
I did have same issues, with new version, when was in testing stage.
Try at the top of sketch add these:
#define MY_DISABLE_SIGNAL_REPORT #define MY_SPLASH_SCREEN_DISABLEDYou save a lot of space. All my nodes are on ATMEGA328 and no space issues. Max node with signing + encryption + relay + temp uses 67% of space
@sineverba there is also a documentation section on this: https://www.mysensors.org/apidocs/group__memorysavings.html
-
I did have same issues, with new version, when was in testing stage.
Try at the top of sketch add these:
#define MY_DISABLE_SIGNAL_REPORT #define MY_SPLASH_SCREEN_DISABLEDYou save a lot of space. All my nodes are on ATMEGA328 and no space issues. Max node with signing + encryption + relay + temp uses 67% of space
@sineverba I also believe the signal report flag is reversed nowadays, and is an opt-in feature and not an opt-out feature, using MY_SIGNAL_REPORT_ENABLED which defaults to "off". Hence it is not listed in the memory savings section of the documentation, but the documentation of MY_SIGNAL_REPORT_ENABLED does warn that it adds about 1k of flash use.
-
@sineverba I also believe the signal report flag is reversed nowadays, and is an opt-in feature and not an opt-out feature, using MY_SIGNAL_REPORT_ENABLED which defaults to "off". Hence it is not listed in the memory savings section of the documentation, but the documentation of MY_SIGNAL_REPORT_ENABLED does warn that it adds about 1k of flash use.
@anticimex Ah, I did not know, cause I'm in 2.2.0 rc2 (when something works... don't touch it! :D )
-
@alowhum check the development branch. Simple password system has been reworked. Also, documentation is updated.
@anticimex Awesome!
So I had a look at the new code, and is this a fair summary?:
- Simple encryption and simple signing are now two separate functions you can call at the top of your script by adding a line with a password: MY_ENCRYPTION_SIMPLE_PASSWD and MY_SIGNING_SIMPLE_PASSWD.
- You can also just put "MY_SECURITY_SIMPLE_PASSWD" at the top of your script, and that will do both in one go. This used to be called the MY_SIGNING_SIMPLE_PASSWD option, which also did both.
MY_SIGNING_SIMPLE_PASSWD is now called MY_SECURITY_SIMPLE_PASSWD. MY_SIGNING_SIMPLE_PASSWD only affects signing, and a new flag, MY_ENCRYPTION_SIMPLE_PASSWD only affects encryption. MY_SECURITY_SIMPLE_PASSWD enable both these flags.This is simply wonderful.
- More choice and flexibility for the end user.
- Get some simple security on your existing Arduino hardware.
Thank you so much for this.
-
@anticimex Awesome!
So I had a look at the new code, and is this a fair summary?:
- Simple encryption and simple signing are now two separate functions you can call at the top of your script by adding a line with a password: MY_ENCRYPTION_SIMPLE_PASSWD and MY_SIGNING_SIMPLE_PASSWD.
- You can also just put "MY_SECURITY_SIMPLE_PASSWD" at the top of your script, and that will do both in one go. This used to be called the MY_SIGNING_SIMPLE_PASSWD option, which also did both.
MY_SIGNING_SIMPLE_PASSWD is now called MY_SECURITY_SIMPLE_PASSWD. MY_SIGNING_SIMPLE_PASSWD only affects signing, and a new flag, MY_ENCRYPTION_SIMPLE_PASSWD only affects encryption. MY_SECURITY_SIMPLE_PASSWD enable both these flags.This is simply wonderful.
- More choice and flexibility for the end user.
- Get some simple security on your existing Arduino hardware.
Thank you so much for this.
@alowhum you are welcome. Just remember that simple in this context also mean weak. Storing the secrets in the sketch is a huge security implication on targets that does not support readout protection. Atmga328p among others.
Do you feel secure today? No? Start requiring some signatures and feel better tomorrow ;)
-
@alowhum you are welcome. Just remember that simple in this context also mean weak. Storing the secrets in the sketch is a huge security implication on targets that does not support readout protection. Atmga328p among others.
@anticimex I understand. But if my neighbour has access to the nodes inside my house, then I have a bigger security problem :-)
-
@anticimex I understand. But if my neighbour has access to the nodes inside my house, then I have a bigger security problem :-)
@alowhum right, but if you update your sketches OTA, he can potentially sniff your key OTA as well and then he does not need to enter your house ;)
Do you feel secure today? No? Start requiring some signatures and feel better tomorrow ;)
-
@alowhum right, but if you update your sketches OTA, he can potentially sniff your key OTA as well and then he does not need to enter your house ;)
@anticimex Heh, then I will invite him/her over for tea congratulate them. And then apply some verbal security :-P
Can Arduino nano's be updated OTA?
-
@anticimex Heh, then I will invite him/her over for tea congratulate them. And then apply some verbal security :-P
Can Arduino nano's be updated OTA?
-
@alowhum afaik all MySensors capable nodes can be updated OTA with the appropriate bootloader programmed.
@anticimex Wow, I didn't know that! I've gotta look into that! cool!
-
@anticimex Wow, I didn't know that! I've gotta look into that! cool!
@alowhum in general where are two options, DualOptiboot which require an external spi flash but is radio agnostic, or the mysbooloader which have no requirements on external components but might need to be recompiled to match your radio settings.
Do you feel secure today? No? Start requiring some signatures and feel better tomorrow ;)
-
@alowhum in general where are two options, DualOptiboot which require an external spi flash but is radio agnostic, or the mysbooloader which have no requirements on external components but might need to be recompiled to match your radio settings.
-
@anticimex I haven't found dual optiboot for all mysensors boards, but maybe there is a way to make it work and I'm not expert on this
@gohan hence my comment "in general", and in this sence I believe the board in question is "Can Arduino nano's be updated OTA?" and a nano is atmega328p based, and I believe it supports both bootloader variants. Of course there are some devices that might not support both, or perhaps even any of them, but as most of this discussion relates to resource limited nodes, I think only atmega328p based devices are considered.
-
@anticimex Awesome!
So I had a look at the new code, and is this a fair summary?:
- Simple encryption and simple signing are now two separate functions you can call at the top of your script by adding a line with a password: MY_ENCRYPTION_SIMPLE_PASSWD and MY_SIGNING_SIMPLE_PASSWD.
- You can also just put "MY_SECURITY_SIMPLE_PASSWD" at the top of your script, and that will do both in one go. This used to be called the MY_SIGNING_SIMPLE_PASSWD option, which also did both.
MY_SIGNING_SIMPLE_PASSWD is now called MY_SECURITY_SIMPLE_PASSWD. MY_SIGNING_SIMPLE_PASSWD only affects signing, and a new flag, MY_ENCRYPTION_SIMPLE_PASSWD only affects encryption. MY_SECURITY_SIMPLE_PASSWD enable both these flags.This is simply wonderful.
- More choice and flexibility for the end user.
- Get some simple security on your existing Arduino hardware.
Thank you so much for this.
@alowhum said in [security] Migrating from library version 2.1 to 2.2:
@anticimex Awesome!
So I had a look at the new code, and is this a fair summary?:
- Simple encryption and simple signing are now two separate functions you can call at the top of your script by adding a line with a password: MY_ENCRYPTION_SIMPLE_PASSWD and MY_SIGNING_SIMPLE_PASSWD.
- You can also just put "MY_SECURITY_SIMPLE_PASSWD" at the top of your script, and that will do both in one go. This used to be called the MY_SIGNING_SIMPLE_PASSWD option, which also did both.
MY_SIGNING_SIMPLE_PASSWD is now called MY_SECURITY_SIMPLE_PASSWD. MY_SIGNING_SIMPLE_PASSWD only affects signing, and a new flag, MY_ENCRYPTION_SIMPLE_PASSWD only affects encryption. MY_SECURITY_SIMPLE_PASSWD enable both these flags.I want to follow upon this: I use RFM69 for transport, they have an encryption engine in hardware. Will there be any difference in time to process the message between using:
- MY_SECURITY_SIMPLE_PASSWORD with soft encryption done on the ATmega or
- MY_SIGNING_SIMPLE_PASSWORD and encryption on the RFM or
- just MY_SIGNING_SIMPLE_PASSWORD.
If I'm not mistaken a signed message is the full 32 byes anyway, so the actual "airtime" will not change, but maybe the processing time before that will.
And yes, I am aware of the implications in total system security. But none of my nodes are accessible from the outside of my house. I am not worried about someone reading the contents of my sketch.
-
@alowhum said in [security] Migrating from library version 2.1 to 2.2:
@anticimex Awesome!
So I had a look at the new code, and is this a fair summary?:
- Simple encryption and simple signing are now two separate functions you can call at the top of your script by adding a line with a password: MY_ENCRYPTION_SIMPLE_PASSWD and MY_SIGNING_SIMPLE_PASSWD.
- You can also just put "MY_SECURITY_SIMPLE_PASSWD" at the top of your script, and that will do both in one go. This used to be called the MY_SIGNING_SIMPLE_PASSWD option, which also did both.
MY_SIGNING_SIMPLE_PASSWD is now called MY_SECURITY_SIMPLE_PASSWD. MY_SIGNING_SIMPLE_PASSWD only affects signing, and a new flag, MY_ENCRYPTION_SIMPLE_PASSWD only affects encryption. MY_SECURITY_SIMPLE_PASSWD enable both these flags.I want to follow upon this: I use RFM69 for transport, they have an encryption engine in hardware. Will there be any difference in time to process the message between using:
- MY_SECURITY_SIMPLE_PASSWORD with soft encryption done on the ATmega or
- MY_SIGNING_SIMPLE_PASSWORD and encryption on the RFM or
- just MY_SIGNING_SIMPLE_PASSWORD.
If I'm not mistaken a signed message is the full 32 byes anyway, so the actual "airtime" will not change, but maybe the processing time before that will.
And yes, I am aware of the implications in total system security. But none of my nodes are accessible from the outside of my house. I am not worried about someone reading the contents of my sketch.
-
@davidzh If you enable any form of encryption feature, RFM69 will always use the hardware to implement it. So there is no "soft encryption" on RFM69.
Ok clear. Thank you.
