Critical Meshtastic Flaw Allows Attackers to Decrypt Private Messages

gbhackers.com

They still need help upgrading the key exchange to be quantum resistant if anyone needs a summer project.
No they don't "need" help doing that. Quantum resistance is kind of a waste of time considering the largest number factored by these things is 21.
And the known algorithm we have just square roots the search space on average. So a 256-bit key is still secure. Quantum resistance just seems like another industry scam to try and take us away from well supported open-source stuff.
It's just math and the relentless march of technology. Fear not, we have lots of open source post quantum cryptography libraries.
The idea that people use quantum computers against meshtastic nodes is pretty funny to me. I think meshtastic attracts a certain kind of person who is security minded and maybe even prepper adjacent (like ham radio tends to). That leads to some odd things like worrying about nation states attacking their nodes.
To be clear, I'm not saying better security isn't worth it, nor am I saying it wouldn't ever happen, but the idea that folks are hiding things that important on meshtastic is a little silly to me. I think their biggest threat is other hobbyists. Not nation states.
It's also not that hard to implement. It's just a slightly different algorithm.
Also it's not an industry scam - literally the only standard out so far is from NIST.