Clarify PSK docs

Add all possible values of the setting `psk` and clarify which
settings are secure and which are not. Closes issue #176
GDR! 2022-01-11 17:42:43 +01:00
parent c0d247e68d
commit 275e9d5af6
No known key found for this signature in database
GPG key ID: 557FAEF4E8799852

@ -20,7 +20,7 @@ Channel settings are an integral part of the way your devices communicate across
| id | `integer` | `0` | | id | `integer` | `0` |
| modem_config | `Bw125Cr45Sf128`, `Bw500Cr45Sf128`, `Bw31_25Cr48Sf512`, `Bw125Cr48Sf4096` | TODO | | modem_config | `Bw125Cr45Sf128`, `Bw500Cr45Sf128`, `Bw31_25Cr48Sf512`, `Bw125Cr48Sf4096` | TODO |
| name | `string` | `""` | | name | `string` | `""` |
| psk | `0`, `1`, `2`, `3`, `4`, `5`, `6`, `7`, `8`, `9` | `1` | | psk | `0`, `1`, `2`, `3`, `4`, `5`, `6`, `7`, `8`, `9`, `none`, `default`, `random` | `1` |
| region | `Unset`, `US`, `EU433`, `EU865`, `CN`, `JP`, `ANZ`, `KR`, `TW`, `RU` | `Unset` | | region | `Unset`, `US`, `EU433`, `EU865`, `CN`, `JP`, `ANZ`, `KR`, `TW`, `RU` | `Unset` |
| uplink_enabled | `true`, `false` | `false` | | uplink_enabled | `true`, `false` | `false` |
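Review bot: In the `psk` row, the value list still stops at `9`, while the source comment quoted further down in this file maps single-byte values up to 10 ("2 through 10 = The default channel key, except with 1 through 9 added to the last byte"). Since this commit sets out to list all possible values, either add `10` or reconcile the comment with the table. The same row keeps `1` as the default, which is the published default key; a short marker in the Default column or a pointer to the psk section would stop readers from taking the default as private. The row also now puts public-key shorthands and `random` in one undifferentiated list, so the only place a reader learns which is which is the later section.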
@ -57,6 +57,8 @@ This is in active development and not ready for casual users. Testing only.
<!--- A simple pre-shared key for now for crypto. Must be either 0 bytes (no crypto), 16 bytes (AES128), or 32 bytes (AES256). A special shorthand is used for 1 byte long psks. These psks should be treated as only minimally secure, because they are listed in this source code. Those bytes are mapped using the following scheme: 0 = No crypto 1 = The special "default" channel key: {0xd4, 0xf1, 0xbb, 0x3a, 0x20, 0x29, 0x07, 0x59, 0xf0, 0xbc, 0xff, 0xab, 0xcf, 0x4e, 0x69, 0xbf} 2 through 10 = The default channel key, except with 1 through 9 added to the last byte. Shown to user as simple1 through 10 ---> <!--- A simple pre-shared key for now for crypto. Must be either 0 bytes (no crypto), 16 bytes (AES128), or 32 bytes (AES256). A special shorthand is used for 1 byte long psks. These psks should be treated as only minimally secure, because they are listed in this source code. Those bytes are mapped using the following scheme: 0 = No crypto 1 = The special "default" channel key: {0xd4, 0xf1, 0xbb, 0x3a, 0x20, 0x29, 0x07, 0x59, 0xf0, 0xbc, 0xff, 0xab, 0xcf, 0x4e, 0x69, 0xbf} 2 through 10 = The default channel key, except with 1 through 9 added to the last byte. Shown to user as simple1 through 10 --->
The following table uses publicly known encryption keys. They're shipped with Meshtastic source code and thus, anyone can listen to messages encrypted by them.
| Setting | Behavior | | Setting | Behavior |
| :-----: | :------: | | :-----: | :------: |
| `0` | Disable Encryption | | `0` | Disable Encryption |
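Review bot: The added sentence says the following table "uses publicly known encryption keys", but the first row of that table, `0`, disables encryption and uses no key at all. Suggest wording that covers both cases, for example "The settings in the following table either disable encryption or use keys that are published in the Meshtastic source code, so anyone can read messages sent with them." That also fixes the comma in "and thus, anyone" and avoids "listen to messages encrypted by them", which reads as if the keys do the encrypting.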
@ -70,8 +72,10 @@ This is in active development and not ready for casual users. Testing only.
| Setting | Behavior | | Setting | Behavior |
| :-----: | :------: | | :-----: | :------: |
| `none` | Disable Encryption | | `none` | Disable Encryption |
| `default` | Default Encryption | | `default` | Default Encryption (use the weak encryption key) |
| `random` | TODO | | `random` | Generate a secure 256-bit encryption key. Use this setting for private communication. |
If you use Meshtastic for exchanging messages you don't want other people to see, `random` is the setting you should use.
### region ### region
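Review bot: In the `default` row, "use the weak encryption key" is ambiguous: per the source comment in this file the default key is a 16-byte AES128 key, so the problem is that it is published, not that it is short. Suggest "uses the publicly known default key", matching the sentence added above the first table. For the `random` row, the text says a 256-bit key is generated but not how the other nodes on the channel obtain it; since this is a pre-shared key, a sentence on sharing the resulting channel settings with the other devices belongs here, otherwise a reader may set `random` on each device separately. The closing recommendation would also be clearer if it said that `none`, `default` and the numeric shorthands are not suitable for private messages, rather than only naming the one that is.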