A severe cryptographic vulnerability in the popular open-source Meshtastic project allows attackers to decrypt private messages and hijack nodes across LoRa mesh networks.
  • redsand@lemmy.dbzer0.comEnglish
    0·
    5 months ago

    They still need help upgrading the key exchange to be quantum resistant if anyone needs a summer project.

    • Kairos@lemmy.todayEnglish
      0·
      5 months ago

      No they don’t “need” help doing that. Quantum resistance is kind of a waste of time considering the largest number factored by these things is 21.

      And the known algorithm we halve just square roots the search space on average. So a 256 bit key is still secure. Quantum resistance just seems like another industry scam to try and take us away from well supported open-source stuff.

      • JackbyDev@programming.devEnglish
        0·
        5 months ago

        The idea that people use quantum computers against meshtastic nodes is pretty funny to me. I think meshtastic attracts a certain kind of person who is security minded and maybe even prepper adjacent (like ham radio tends to). That leads to some odd things like worrying about nation states attacking their nodes.

        To be clear, I’m not saying better security isn’t worth it, nor am I saying it wouldn’t ever happen, but the idea that folks are hiding things that important on meshtastic is a little silly to me. I think their biggest threat is other hobbyists. Not nation states.

        • redsand@lemmy.dbzer0.comEnglish
          1·
          5 months ago

          It’s mostly the issue of saving transmissions for later. Very much not a high priority but solid future planning in the face of governments plagiarizing Orwell and Huxley.

      • redsand@lemmy.dbzer0.comEnglish
        0·
        5 months ago

        It’s just math and the relentless march if technology. Fear not, we have lots of open source post quantum cryptography libraries.

          • SmokeyDope@lemmy.worldEnglish
            1·
            5 months ago

            The point in time after the first qbit based supercomputers transitioned from theoretical abstraction to physical proven reality. Thus opening up the can-of-worms of feasabily cracking classical cryptographic encryptions like an egg within human acceptable time frames instead of longer-than-the-universes-lifespan timeframes… Thanks, superposition probability based parallel computations.

          • InnerScientist@lemmy.worldEnglish
            0·
            5 months ago

            From Wikipedia:

            Post-quantum cryptography, sometimes referred to as quantum-proof, quantum-safe, or quantum-resistant, is the development of cryptographic algorithms that are currently thought to be secure against a cryptanalytic attack by a quantum computer.