Secure serial connection between ESP8266 and onboard RPI

[KaspervanM]

What

The RPI needs to get the WiFi SSID and password from the ESP8266 in order to connect. This will be done using a serial. However, unlike within the ESP's EEPROM, everything is encrypted and the source code cannot be retrieved to decrypt. All files and source code can easily be acquired from the micro-sd chip. This means decrypting cannot be done on the RPI, but how does the ESP know if it really is the RPI that is asking for the password? Or, if the decrypting is one on the RPI, how can the method be concealed?

How

• For one, the decrypting could be done on the RPI within a dll written in machine language.
  • The password would still be vulnerable to exposure as the key and the encrypted password still needs to be given to the RPI. And as the program to decrypt is there as well, this is all that is needed to get the password.
• Another possibility would be for the password to be decrypted by the ESP before being sent to the RPI.
  • This would be most vulnerable because without a verification method, you can easily read out the password if you connect the serial to a pc. And any verification method could be found in the source code of the RPI.

[evanpacini]

I know how to fix this problem. We need to use cpp all the way. The arduino should send a ciphered ssid and pass along with a randomly generated key with which both were encrypted. After the python code receives this, it should directly send it to a (compiled) c++ program which would decipher it and (using the few commands we had made) put it in the wpa_supplicant file (using the wpa_passphrase thing). This way the pass is never exposed, only in a compiled program.

[KaspervanM]

Yes, that is a good idea. However, this would mean the key, the password and the decryption program would still be available to everyone.

Though, I do believe this would make cracking it hard enough to make it work. I will be trying this out right away.