I'm new on the ESP8266.
To be short I started installing monthes ago a home automation in my flat (RJ45 wiring, NAS, centralized TVsat decoder system + hdmi-rj45 converter to broadcast video in the rooms, all this remotely controlled with a logitech harmony remote/hub, all that stuff is locked in a technical room)
Then I found some limits to the harmony system for automation ... so basically i decided to try to replace the remote with my phone (by coding an app and use the network to send command to the harmony hub).
But as I wont use anymore the logitech remote, I need a way to capture IR spread by the hub, and send them to other rooms, I was thinking of using 2 device based on ESP8266 (one near the hub to capture IR and convert in network packets, and another in my bedroom to convert back send IR -this device could also be my mobile phone-) ... an IR repeater through wifi basically.
This is what made me interested in ESP8266, then reading the docs I found this could be usefull for many many other things, so I started to play with it (I have a CP2102 based nodemcu devboard)
I use ESplorer and lua to do dev on the esp.
So far I think I managed to do the basic stuff ... environment install on my dev PC, flashing firmware, writing some little scripts to access GPIO and a few basic electronics design, mainly following the lots of tutorials availables.
So here come a my question (others will follow then ...)
- As a software dev IRL i'm concerned about the security, currently my device for config is configured as AP with static ssid and a static pwd, the idea is to log with the phone, put credential for my home network (ssid/pwd) and validate, then the device will switch to configured mode (station) and (almost) ready to work.
The device also have a manual factory reset to go back in config mode.
For safety I put max connection in AP mode to 1 to be sure the user won't be able to send credential with a peer connected on this network.
BUT the configuration is done through basic HTTP POST request, so the credential will be cleary visible in the traffic ...
This lead to several question :
- any critics on this way of configuring a device (and/or other way to do it more safely) ?
- i have almost any knowledge on wifi ... my naive view is that if I allow only 1 user to be connected to AP during configuration, it will be impossible to sniff the traffic ... does a pwd protected wifi encrypt air traffic and how secure is it ?
- considering my actual way of configuring the device is safe, if a peer steal the device, he will be the happy owner of a ESP containing the credential to access my home network ... is it possible to extract those data from the stolen ESP ? and is there any way of securing this ?
- please share any comments you may have.
And thanks a lot for those who read everything to the end.
Olivier