- Sat Oct 05, 2019 4:25 am
#84040
I have a series of ESP8266 connecting to my AP which is set to use WPA2-Personal with AES. These are transmitting temperature data to my MQTT server. On domotics forums I've read that people tend to think that using WiFi in home automation is more insecure than relying on Zigbee and other radio based network. Yet, I'm not quite sure I understand why. If my access point is set to WPA2-AES, then surely the ESP modules must be using this protocol to communicate securely. That said, its not very transparent to me how this happens. In my Arduino sketch, I call the ESP8266WiFi.h library and all I specify is the SSID an the wifi password. How do I know if the transmission is secure and data is not being transmitted in clear. Do i assume that the AP would not allow a connection that wasn't established on WPA2-AES principles?
I was reading the page (https://arduino-esp8266.readthedocs.io/en/latest/esp8266wifi/readme.html) which suggests, under the section "BearSSL Client Secure and Server Secure", that encrypted communication can be set up but is memory hungry. Does this mean that its not setup as default? Of course, my confusion as a newbie is quite clear in all this, so I was hoping someone could point me in the right direction in terms of understanding security from a network point of view when it comes to ESP8266. Basically, my biggest concern is that my password can be sniffed.
Of course, I could set up virtual wifi networks and the like but this is not the point. I just want to understand how I can make the communication between AP and ESP as secure as possible relying solely on the ESP8266WiFi.h library alone. Then I can add extra levels of security with virtual networks, etc.
I guess the other side of the security problem is that people who have physical access to my ESP8266 devices could hack into the unit, download the code and obtain my network password? I believe the ESP32 overcomes this problem (i.e. better to use a ESP32 rather than a ESP8266 for a device sitting in my garden and easily accessible by intruders)?
Interested to delve into the high level principles which I seem to be missing
I was reading the page (https://arduino-esp8266.readthedocs.io/en/latest/esp8266wifi/readme.html) which suggests, under the section "BearSSL Client Secure and Server Secure", that encrypted communication can be set up but is memory hungry. Does this mean that its not setup as default? Of course, my confusion as a newbie is quite clear in all this, so I was hoping someone could point me in the right direction in terms of understanding security from a network point of view when it comes to ESP8266. Basically, my biggest concern is that my password can be sniffed.
Of course, I could set up virtual wifi networks and the like but this is not the point. I just want to understand how I can make the communication between AP and ESP as secure as possible relying solely on the ESP8266WiFi.h library alone. Then I can add extra levels of security with virtual networks, etc.
I guess the other side of the security problem is that people who have physical access to my ESP8266 devices could hack into the unit, download the code and obtain my network password? I believe the ESP32 overcomes this problem (i.e. better to use a ESP32 rather than a ESP8266 for a device sitting in my garden and easily accessible by intruders)?
Interested to delve into the high level principles which I seem to be missing
