Most recent activity
-
Awesome. Thanks, @Gordon! Every device will be configured by the server/MQTT broker (in this case, an Rpi) where the encryption keys will be stored so they're not in the device itself.
I'll give the AES encryption a go. Though, I wonder if the device will run as is without needing to decrypt the data in it, if it doesn't have the key. For example, if I store an AES encrypted WiFi SSID and password via the Storage module, will it be able to read/use it?
-
Neat! For starters, I can use that to make the data on the flash memory less accessible. Thanks, @Wilberforce!
-
Thanks, @allObjects!
I have read the Security thread prior to posting this, actually. Though, the conversation is mostly about the Puckjs. That's where I learned about the E.setPassword which would be a pretty good addition to the Espruino WiFi, if not already included.
I was hoping that Espruino has a native solution for security rather than relying on another firmware/hardware. It'd be great if Espruino releases a board with built-in HW security in the near future!
As for the transmission security, I think MQTT over TLS is a sufficient solution which the Espruino WiFi can already use. So at this point, securing the flash memory is really what I'm worried about.
-
Thanks for the reply, @allObjects!
Does the Espruino WiFi have this Flash EEPROM? I load data (wifi ssid, wifi password, server ip, etc) into the device (Espruino WiFi) using the Storage module, but when I connect this device to another computer, I can access these data with Storage.read() which is more or less what I'm trying to avoid.
Essentially, I want the data to only be accessible by the computer that loaded config into the device.
-
Hi, guys! Hope you're having a great day.
I'm working on a small IoT project and I'm mostly using Espruino WiFi and Sonoff devices.
I'm wondering what's the best way to secure data, both the transmitted data and the data on the flash memory. I've seen a few posts on encrypting transmitted data so I'm less worried about that, but what about the data in flash memory?
Correct me if I'm wrong, but when I load a program into a device, I can plug it into another computer with an Espruino IDE and access the loaded program and anything stored in the flash memory, right? Is there a way to encrypt the data loaded into it, or maybe require a password before being able to access it? I saw that Puckjs has E.setPassword or something. Is there a similar function for Espruino WiFi and/or Sonoff?
Thanks!
-
Hi Gordon! Thanks for the reply. My bad for not noticing the
Storagemodule. This works and it makes it much easier than callingsave()every time. Thank you! -
Hello,
I'm having trouble removing the previous instance of the Wifi connection when I call the
save()function. (see attached image)I have a function
setConfig(options)where I set variables like the Wifi SSID, password, device name, etc, and I'd like to be able to save these variables to the flash memory on the fly. This function has asave()function at the end which callsonInit()again. I noticed that the previous Wifi connection reconnects on top of the new Wifi connection. I tried explicitly disconnecting it and setting thewifivariable to null, but it still does the same thing.Is there anything I can do to remove the previous instance? Or is this normal and I shouldn't be worried about it?
Yeah, I understand. I don't expect anyone to go as far as taking the device apart or anything hardcore. (If they're that dedicated in getting data off of the device, they deserve to know lol)
I'm more or less just trying to prevent other people from easily accessing it, specifically plugging the Espruino WiFi into their computer and getting access to the SSID and password with
Storage.read. IfE.setPasswordcan do that, then it's all I need, for now at least.Thanks, @Gordon!