Discussion
Loading...

#Tag

  • About
  • Code of conduct
  • Privacy
  • Users
  • Instances
  • About Bonfire
nullagent
@nullagent@partyon.xyz  ·  activity timestamp 8 months ago

#13 No conversation privacy in default scalable configuration. Anyone can see your to/from fields and bc #1 it's great metadata.

Need to verify how bad #13 is, I think you can mitigate but most people use a public channel. The header I think its technically encrypted BUT with a known public key so everyone can see whose talking to whom. I think you can get encrypted headers on the public channel but docs aren't clear and probably limits your hops.

#meshtastic #cybersecurity

nullagent
@nullagent@partyon.xyz replied  ·  activity timestamp 8 months ago

Finally I suspect that IF meshtastic ever does fix their routing algo they will suffer from MITM exploits due to issues around #1, #6, #8, and #9.

Bc when you have MAC as the root of trust I can respond to your MAC and poison the routing table.

There might even by a solid security downgrade attack here too bc they have backwards compatibility for insecure DMs. So once I clone your MAC I can also downgrade security and ppl are trained to accept downgrades.

#meshtastic #cybersecurity #mitm

  • Copy link
  • Flag this comment
  • Block
Log in

bonfire.cafe

A space for Bonfire maintainers and contributors to communicate

bonfire.cafe: About · Code of conduct · Privacy · Users · Instances
Bonfire social · 1.0.0-rc.3.1 no JS en
Automatic federation enabled
  • Explore
  • About
  • Members
  • Code of Conduct
Home
Login