Future wish: change MySensors 'simple security' password through a web interface.

[flatsiedatsie]

MySensors has a 'simple security' option where the user simply has to set a password in a sketch and in the gateway configure parameters. This makes setting up basic encryption and signing much easier.

While changing the password inside Arduino nodes is easy (just change the password in the code), changing the password used by the gateway software is a bit more difficult.

If MySController would build its own web interface, perhaps it could offer the ability to change the password?

[tsathishkumar]

I didn't know about that feature in mysensors. I'll have a look.

[ashokgowtham]

https://www.mysensors.org/about/signing Sneak peak: MySensors doesn't support encryption for messages. Anybody can 'listen' to the traffic over the air. There is only support for signing of messages, which will prevent unauthorised parties from sending messages and affecting our network. The signing requires PSK (Pre Shared Key) to be shared between nodes and gateway.

[flatsiedatsie]

@ashokgowtham Actually, MySensors supports both signing and encryption. It even allows you to easily set up both with just one password.

[ashokgowtham]

@flatsiedatsie I was saying that based on this piece of docs: https://www.mysensors.org/about/signing#why-encryption-is-not-part-of-this

I'm guessing the document isn't up-to-date. I see people talking about encryption in comments in that document itself, in addition to the link you shared https://forum.mysensors.org/topic/4908/security-signing/25

[flatsiedatsie]

For now a (theoretical) way around this is to use a serial MySensors gateway. Then you can set the password in the Arduino code. All the node will then communicate securely, but the output from the Arduino should still be just unencrypted text.

[flatsiedatsie]

I think this issue can be closed. I don't think it's up to MySController-rs to manage this, something like the Candle Controller should be able to manage this just as well.