MicroPython Forum (Archive)

Please see the new forum at
https://forum.micropython.org/

How Should WiFi Passwords be securely stored on micropython device?

https://forum.micropython.org/viewtopic.php?f=2&t=7013

Page 2 of 2

Re: How Should WiFi Passwords be securely stored on micropython device?

Posted: Fri Jan 31, 2020 11:44 pm
by spektro
How about this scenario:
ESP starts in AP mode. Let's call it #1
Another one ESP (#2) acts as credentials server.
#2 connects to #1 as soon as it discovers #1 is online in AP mode and sends it encrypted credentials.
#1 decrypts them with key stored in it's flash and connects to main WiFi.

Pros:
No flash chip contains valid credentials.
Credentials' server (#2) can be physically guarded.
Only one additional ESP per whole network (if whole area can be covered).
#1<>#2 communication can also be encrypted.
Decrypted credentials exist only in RAM.
Cons:
One additional ESP is needed. (Not necessarily, but one device in network must act as the credentials' server. It can be some other device doing some different stuff too.)
Credentials can be decrypted if somebody snatches ROM contains of both devices or ram contains of remote IoT station.

Re: How Should WiFi Passwords be securely stored on micropython device?

Posted: Sat Feb 01, 2020 6:24 am
by kevinkk525
If someone has access to #2 then it won't really matter if the key is stored on the device or retrieved and stored in RAM. He could still get it, the effort just gets bigger.

Re: How Should WiFi Passwords be securely stored on micropython device?

Posted: Mon Apr 20, 2020 9:43 pm
by xenotek
Noob here with micropython. Not at all pro in encryption.

How about saving the data in an encrypted sqlite db? Will this be secure enough?

Re: How Should WiFi Passwords be securely stored on micropython device?

Posted: Mon Apr 20, 2020 11:52 pm
by tve
The first question you need to ask is what the threat model is. I.e. what type of scenario are you trying to guard against?
Is the attacker in physical possession of the device or attacking it remotely?
If in physical possession, are you trying to protect the device content or the rest of your network?

Practically speaking I believe there are 3 reasonable stages:
- you put the pwd in plaintext on the device, if someone gets a hold of it and knows how to use it they have access to your wifi, you accept that risk
- you put the wifi pwd on the device and you consider your wifi insecure, WPA is just to keep the chaff out, you end-to-end encrypt between your device and your servers (HTTPS, MQTTS, WSS, etc), if someone hacks your device the access controls on your servers keep the damage under control and you revoke the access token or whatnot that your device uses
- you read-up on all the firmware encryption and locking that Espressif or other vendor provide and go down that (painful) path to make an (almost) totally hacker proof device

Sadly there's not a whole lot between steps 2 and 3 that isn't a lot more work for rather little gain. At least as far as I know.

Re: How Should WiFi Passwords be securely stored on micropython device?

Posted: Fri Apr 09, 2021 1:46 pm
by tino84
Just found this guide for the credentials in RAM solution:
https://randomnerdtutorials.com/micropy ... 2-esp8266/

Re: How Should WiFi Passwords be securely stored on micropython device?

Posted: Fri Apr 09, 2021 3:13 pm
by russ_h
This looks like a solution that could work https://docs.espressif.com/projects/esp ... ption.html
All times are UTC
Page 2 of 2
Powered by phpBB® Forum Software © phpBB Limited
https://www.phpbb.com/