feature: password protection & encryption-at-rest#44
Conversation
konsumer
changed the title
|
Also, if this doesn't fit in the scope here, no prob. I made it all as easy to use platformio libs, as well: |
SD.begin() is only needed for boards with custom SPI wiring (SPI_SCK defined). microStore::UniversalFileSystem::init() handles standard SD initialisation internally, so SD.h is now included only under #ifdef SPI_SCK. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
|
Thanks for the PR @konsumer. Definitely interested in your at-rest encryption feature. Just need to consider where the best home for it would be. Just returning from extended travels and getting back into the groove so I'll get back to you in the coming days. |
|
Yeh, it might not be best here, like maybe it's just an addon for microStore. I want to really go through it and ensure it's the right approach, too. I am trying to balance performance, less decryption calls (like only the private key at boot, then use private key for all else) with enough security that it can't be easily cracked offline. I worked on several alternative reticulum libs (light ones for arduino, python & js) in the hopes of having a simple reference, but I think in my own planned ESP32 client devices, I want to just use microReticulum, since it has more testing & work around it. We should totally work together! |
|
Another idea I have been thinking about is NVRAM "pepper", which adds a lot of security (would need physical access to device, not just brute-forcing SD) and the concept of development/production mode with locked encrypted secret (so even physical access will not get you in, easily.) I think these measures, with a good password, will really protect things. I am not sure of the particulars with development/production mode though. I think maybe that just means disabling serial-update via fuses (and requiring OTA updates) which makes updating less convenient, and is still open to DNS OTA attacks and also you can read the flash directly. Maybe someone else has more experience with built-in flash encryption stuff? |
2 participants
I wasn't sure where to put it, so I stuck it in lib/ I am happy to move it somewhere else, or structure it another way, if you are interested.
Essentially, this adds a versioned & offline-brute-force-resistant store for identity, so it's encrypted at rest. This allows a quick device-reset to render it useless to attacker if the device or SD card is compromised. Identity is encrypted, as well as stored messages.
I included a simple example that does register/login (over serial) and tests the identity. I also documented strengths/weakness and suggestions for secure usage and added a script to verify & play with the files on computer.
Related to ratspeak/ratcom#8