ESP8266 ENCYPTION
NAVFAC10
Posts: 23
Good Morning,
Have been following the ESP8266 with great interest. In fact, I should receive 3 DEV boards (from sparkfun) any day. In my research of the 8266, I did not see much in the way of encryption. I am looking to connect it to a prop, but ultimately use it as a stand-alone (and program with lua). Does it support AES, WEP or anything else? If so, what would the code look like. Thanks in advance. Have a nice day.
Have been following the ESP8266 with great interest. In fact, I should receive 3 DEV boards (from sparkfun) any day. In my research of the 8266, I did not see much in the way of encryption. I am looking to connect it to a prop, but ultimately use it as a stand-alone (and program with lua). Does it support AES, WEP or anything else? If so, what would the code look like. Thanks in advance. Have a nice day.
Comments
But it does not make you secure. Everything from your WIFI access point out over the net is no longer encrypted!
To be secure you need end to end encryption. Which is why we have HTTPS for visiting web sites.
Of course if you have end to end encryption, you don't actually need any of that silly WEP and whatever over the wireless hop.
How do you get end to end encryption using an ESP?
No idea. I'd start with implementing something the Tea encryption algorithm (Google it) in my application code.
For the web server there are some large threads on https and TLS support. I would not use the ESP for anything sensitive. It's a very capable device but it's not a big server running Apache or IIS so there will be some limitations.
Here's a good starting point for NodeMCU and LUA - http://randomnerdtutorials.com/esp8266-web-server/
On the other hand there is no correlation between being "big" and being "secure".
Some very small crypto systems can be very hard to break.
I'm all for building such security into your application code.
All depends how secure you want to be. And how worthwhile it is for anyone to try and break it.
I agree with all you state here, but TEA which you mentioned before has been trivial to break for quite some time now. So if you're looking for a reasonable secure & simple encryption algo look at least at XXTEA, which has a known weakness but no known attacks yet. Although it is becoming quite feasible to break it nowadays with the advancement in GPUs.
If you need something secure you need to look at something else, but I have no idea what for small(er) micro controllers.
You could always apply Tea, with two different keys, twice
More seriously, don't listen to any advice from me regarding encryption and building a secure system. Except for this:
Don't try and invent your own encryption algorithms or secure system. It will inevitably be flawed. Better to use well known algorithms that have been created by people who know what they are doing and have been subject to analysis by experts for ages.
Further, we see that many secure systems get hacked not by breaking the algorithm or brute forcing the keys with GPU's but by simple mistakes in implementation by those who built the system.
In my work related to secure systems in the past I learned that getting things right is hard. Paranoia is a good thing here.
I'm looking forward to getting some tiny LoRa modules. A range up to 15 miles and low power. All be it 20 dollars a pop and using pretty low data rates. Not really suitable for serving web pages.
"srv:listen(80,function(conn)"
Not sure what this line of code does, but I think the "80" is the port number for http. I wonder if I were to replace it with 443 (port for https). Of course, this is for TCP only. When I receive my DEV boards, I will give it a go. Have a nice day.
I've not tried this myself.