RFE: protected way for WiFi password set-up #28
Comments
|
I ordered my morserino some days ago and thought the same when watching the videos. In the past I used the ESP8266 a bit and I'm some kind of familiar with this topic. I think using the password here: WiFi.softAP(ssid, password); would fix this. I'm interested in this as well. So I try to give it a look as soon as my hardware arrives. |
|
Another approach to this would be to allow SSID and password entry using the paddles. This might be a challenge for beginners, of course. I think you'd need to simulate shift, backspace, space, and tab keys using the encoder and red button, and disregard any space between characters entered with the paddle. |
|
(It would probably be simpler to implement (and use) a text entry method using the encoder to select and set characters.) |
Today, it's really easy and cheap to setup RF/WiFi sniffer, so it pose real security risk to send the WiFi password over the air in the plaintext. Even it's small window during which the password is sent it's still possible to catch it and compromise the host network. It's not much problem in rural areas, but in the city, especially in the height spot/building there can thousands of people in the radio range.
Could Morserino setup the WPA2 protected AP for the initial WiFi setup? The low security approach is to use hardcoded password like "morserino", high security approach is to generate random password and show it on the display. Or could the password be send over HTTPS? It would lower the risk of automated full-time 24/365 sniffers and possible offline analysis of the captured data - realtime man-in-the-middle attack is unlikely to happen in the small time window. Or could be there an option to set the password through the USB? For security concerned people like me? :)
The text was updated successfully, but these errors were encountered: