
Secure IoT connection
Moderators: adafruit_support_bill, adafruit

Forum rules
If you're posting code, please make sure your code does not include your Adafruit IO Active Key or WiFi network credentials.
Please be positive and constructive with your questions and comments.

by flounder on Wed Dec 11, 2019 11:45 pm

RING recently got in trouble because they were sending passwords to the local AP in plaintext. So I watched Lady Ada's talk about secure IoT. Lots of good things said, but nothing specific about how to go about this, particularly with reference to Adafruit WiFi products. For example, does the ESP32 WiFi library send the password (and even SSID) encrypted using WPA/WPA2 or does it send it in plaintext? I went to the GitHub espressif/arduino-esp32 WiFi library, and there is no documentation. I do not find it productive to read unfamiliar code to reverse-engineer how it works. So advice on how to be sure I am not making the same mistake RING made is valuable.
joe


Re: Secure IoT connection

by brubell on Wed Dec 18, 2019 5:19 pm

Hi flounder,

The Adafruit IO Arduino library uses the WiFiClientSecure (https://github.com/adafruit/Adafruit_IO ... 32.cpp#L20) class from arduino-esp32 (https://github.com/espressif/arduino-es ... ientSecure). This class is used to establish a secure connection using TLS (SSL) between the Adafruit IO Server (verified by its fingerprint https://github.com/adafruit/Adafruit_IO ... ions.h#L83) and the ESP32 "client". After the connection is established, all data transferred between the AP and the ESP32 is encrypted.

- brent r.
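
Added example, not part of the reply above and not Adafruit's or Espressif's code: a desktop-side Python sketch of what verifying a TLS server "by its fingerprint" means, useful for checking whether a fingerprint pinned in firmware still matches the certificate the server presents. The function names are hypothetical, and the hash algorithm is a parameter because the thread does not say which one the pinned fingerprint uses.

```python
import hashlib
import hmac
import socket
import ssl


def normalize(fp: str) -> str:
    """Accept 'AA:BB', 'aa bb' or 'aabb' and return lowercase hex."""
    hexstr = fp.replace(":", "").replace(" ", "").lower()
    if not hexstr or len(hexstr) % 2 or any(c not in "0123456789abcdef" for c in hexstr):
        raise ValueError("fingerprint is not a hex string")
    return hexstr


def fingerprint(der: bytes, algo: str = "sha256") -> str:
    """Hash of the DER-encoded certificate, as lowercase hex."""
    return hashlib.new(algo, der).hexdigest()


def matches_pin(der: bytes, pinned: str, algo: str = "sha256") -> bool:
    """True only if the certificate bytes hash to the pinned value."""
    pin = normalize(pinned)
    if len(pin) != hashlib.new(algo).digest_size * 2:
        return False  # pin was produced with a different hash, or is truncated
    return hmac.compare_digest(fingerprint(der, algo), pin)


def fetch_leaf_der(host: str, port: int = 443, timeout: float = 5.0) -> bytes:
    """Fetch the server's leaf certificate (DER). Needs network access."""
    ctx = ssl.create_default_context()  # also validates the chain and host name
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)


if __name__ == "__main__":
    # Constructed stand-in bytes so the demo runs offline; a real check
    # would pass fetch_leaf_der("<your server>") instead.
    der = b"constructed stand-in for DER certificate bytes"
    pin = fingerprint(der)
    print("same certificate:", matches_pin(der, pin))
    print("rotated certificate:", matches_pin(der + b"x", pin))
```

A pinned fingerprint stops matching as soon as the server's certificate is renewed, so firmware that pins one needs a way to update the pin.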

