Good day,
I was look in my backup of my esp32 [backup.bin]. I found my ssid and passphrase in plain text.
How can i prevent this.
Thank you for your help
What credentials? Your OS, bank, be specific.
usually we would build those strings at runtime..
even something silly like..
const char scrambled[]={'d','r','a','w','s','o','p'};
String unscramble()
{
String result="";
result+=scrambled[6];
result+=scrambled[2];
result+=scrambled[4];
result+=scrambled[4];
result+=scrambled[3];
result+=scrambled[5];
result+=scrambled[1];
result+=scrambled[0];
return result;
}
might be enough..
good luck.. ~q
Thank you.
1 Like
The more that you read, the more things you will know. The more that you learn, the more places you'll go. – Dr. Seuss
Passwords should always be saved in an encrypted format.
Using an ESP32 actually makes this easier because encryption is handled via hardware by the built-in module. If you take a look at my library, there’s a class called CredentialManager that does exactly this (can handle up to five different credentials).
The class is designed to be agnostic to the rest of the code, so if you don't want to use the entire library, you can just extract the specific code you need.
If you want use your own unique encrypt key (hardware based efuse-backed BLOCK_KEY0), check also this readme with some instructions about password encryption.
For even greater security, you can also enable Full Flash Encryption for the entire memory.
1 Like