Status WPS and SmartConfig #6680
Comments
arendst
added
the
awaiting feedback
|
I do not have a router with WPS... |
|
I can't test either and I agree with Jason |
|
I don't think I've ever actually had an interaction with someone who uses WPS. |
|
I would suggest to drop the sonoff-classic build completly |
|
WPS is considered one of the major vulnerability in a router since 2013 and many devices never got an update to fix or patch it in some way. |
|
Please kill WPS with fire and never mention it again |
|
With this feedback I think it's safe to say let's get rid of WPS. I would also like to get rid of SmartConfig. It is default also only available in sonoff-classic and needs a phone with esp8266 app. I must say I haven't used it for over two years. |
|
That one also belongs in the "why the hell is this taking up space" category. |
|
I think I used SmartConfig just a couple of time and I don't miss it at all. |
|
It doesn't use any space on non sonoff-classic binaries as it is commented out. The main issue is that it probably doesn't work anymore on the latest cores and I do not want to waste time on it to make it work again... |
|
What the hack. I remove it from the current release. If anyone wants to install tasmota using WPS or SmartConfig they need to use release 6.6.0 Afterwards they can always upgrade to the next releases. Working... |
arendst
added
fixed
|
Done. |
|
I once bought Airconditioning-WiFi-Modules from Mitsubishi, and they only supported WPS (the devices have just 2 Buttons - reset + WPS). It was a PITA to get them working in a OpenWRT-Only environment. I ended up connecting a third party router with proper WPS only to get the password into the devices. So yes, please remove WPS from Tasmota and add cool features with the free space! |
|
I hate that I'm late to the party, but wanted to drop my $0.02 anyway... Yes, WPS is not the most secure method (at least, not using the PIN - but I personally use the button, not the PIN). But it's not significantly worse than sending your WiFi credentials over HTTP on a WiFi connection that's secured - at best - with WPA2, which is also considered by many to be insecure - especially in the light of WPA3, which isn't supported by ESP chips (that I know of, anyway). So rather than have a simple push-button way of zero-configuration for devices, users must either build their own firmware or else use another non-secure way to configure the WiFi that is, arguably, not as non-secure as WPS, but is certainly nowhere near as push-button. I also note that with a single late exception, everyone on this thread so far is an active contributor to the project (and most also use non-standard router firmware, too). You're all "power users" presumably comfortable compiling your own firmware, so hardcoding your SSIDs is fine, but please remember that not everyone is so. |
|
Wi-Fi Manager is simple and secure and suitable for all types of user expertise. It's built in to all pre-compiled binaries. It does not preclude being able to use newer security protocols... once they are part of the Arduino Core. |
|
I don't agree that Wi-Fi Manager is a perfect solution. For example, Wi-Fi manager isn't an option when the webserver is disabled, meaning that MQTT_TLS users can't use it either... |
|
We're speaking about the first time the device is to be configured if you are using a binary that is "generic" and does not contain the credentials is needs to connect to the Wi-Fi network. For example, the pre-compiled binaries, the web server is not disabled. If a user employs one of these binaries, the device will indeed broadcast an AP for three minutes after it powers up. During this window of time, another device could connect to the Tasmota device and take control by opening 192.168.4.1. Wouldn't the same be the case if the Tasmota device is in WPS mode and there is a malicious router that would pair to the device during that window of time? I think the opportunity for a malicious character to be looking for either a Tasmota AP ( If, instead, a user has created a binary where they have disabled the web server, then now you are referring to a user that indeed has crossed that expertise threshold where they are able to compile their own firmware. In this case, the user has the option to specify every networking setting they care to set: Wi-Fi, TLS, Web UI password, etc. |
|
There are plenty of cases where a generic MQTT hostname could be known up front, and with the new TOFU support for fingerprints, that can mean a generic binary. I didn't intend to get caught up into comparing specific threat models - my point in mentioning it in the original point was that I didn't consider removing WPS a significant security-improvement, since much of the initial talk on this issue seemed to be focused around that. @arendst has put so much thought over the past two years into keeping the configuration out of the firmware as much as possible - to be later configured and persisted in memory, separate from the code - and this just seems such a huge step backwards given, for example as I mentioned before, anyone using MQTT_TLS is now required to hardwire their SSID setup in the firmware, whereas before that wasn't required. And this just after 6.6.0.3 when the AWS IoT credentials were made configurable at runtime, and when TOFU allowed for simpler runtime configuration of fingerprint based TLS - things that were among the last little pieces allowing for more generic firmware to be used for TLS use-cases... |
|
@issacg: |
What makes you think that? |
That's the million dollar question that I wish you'd asked yesterday. You're right, of course. In my upgrade path I glanced at the normal As to not be overly cryptic to anyone looking at this later, until 6.6.0 (I guess when AxTLS was swapped with BearSSL, it was indeed impossible to Big thanks to you @s-hadinger for your comment. I'll freely admit that having Wi-Fi Manager makes the lack of WPS into a minor annoyance, but not worthy of the harsher tone implied by my previous comments, and apologize if my lack of due diligence caused offence to anyone. |
|
Offence? None taken. |
|
@issacg Now I understand. Indeed swapping from AxTLS to BearSSL (and aggressive optimization), TLS is now a viable option. If you're interested, I put lots of details here: https://github.com/arendst/Tasmota/wiki/TLS |
|
@s-hadinger I saw the Wiki page. I've been using TLS with fingerprints for a while. I actually found out about BearSSL and the new fingerprints the "hard way" too, just before discovering that when I hard-reset my test device to test the new fingerprints I also nuked my Wi-Fi setup 😁 I was admittedly a bit unhappy with the breaking fingerprints, and moreso with the lack of alternative to the new TOFU setup with the very customized fingerprint, rather than some fingerprint that would be easier to calculate with standard openssl tooling. I agree that fingerprinting the public key makes sense in a setup like LetsEncrypt where the certificate is silently and automatically rotated, yet on the other hand I didn't understand the logic, in that LetsEncrypt had already been supported by Regardless, in that case, I tried to rectify that with a tool that I published and added a mention of said tool to that Wiki page, so hopefully I've made other folks' lives a bit easier. But the Wiki page was instrumental for me to understand the changes, so kudos for writing it! |
|
Breaking changes are never a good thing. The fingerprint change was mainly motivated by the fact that BearSSL works differently and fingerprinting the public key instead of the certificate allowed to save significant memory and flash size. And it makes sense too. Now if you are using Letsencrypt, just use The embedded CA is: |
So it is still there. Might be worth reverting to the old comment that explained that it was specifically for embedding the LetsEncrypt cert. If I hadn't known about that from past versions, I'd have never known it did so (I know it's in the Wiki page, but personally for me it's more helpful for the explanation to be "in my face" while I'm looking at all of the tunables) |
|
Good point. In my Todo list unless you are willing to do a PR to change the comments in the config source file. |
Can anyone verify if WPS is still working with pre-2.6.0? I thought I noticed it fails.
Do we still need WPS as an initial config tool?
The text was updated successfully, but these errors were encountered: