# Is Meshtastic encrypted? Can anyone read my messages?

## Short Answer

Meshtastic messages are encrypted, but the level of protection depends on which channel you're using. The default channel (LongFast) uses a known public key and provides essentially no privacy. Custom channels with randomly generated keys provide strong message confidentiality.

## The Default Channel: Not Private

The default Meshtastic channel uses a Pre-Shared Key (PSK) of `AQ==` - a single zero byte that is publicly known and documented. Any Meshtastic user in radio range can read messages on the default channel, including the [Meshtastic app](https://wiki.meshamerica.com/books/hardware-guide/page/meshtastic-app) developers and anyone who has read the public documentation.

The default channel is suitable for public community communication where privacy isn't a concern. Do not send anything private on the default channel.

## Custom Channels: Strong Privacy

When you create a channel with a randomly generated PSK (using the app's random key generator), that PSK is a 256-bit AES key that cannot be recovered by brute force with current technology. Messages on this channel are readable only by nodes that have the same PSK.

Encryption security: AES-256-CTR is the same cipher used for securing classified government information. The cryptography is sound. The risk is not in the cipher - it's in key management (how you distribute the PSK to your community).

## Direct Messages: Even Better (Firmware 2.3+)

Direct messages in Meshtastic 2.3+ use ECDH key exchange, which provides:

- End-to-end encryption between just sender and recipient
- Forward secrecy (past messages remain private if a key is later compromised)
- No shared secret to distribute - keys are derived automatically

## What an Eavesdropper Can See

Even with properly configured channel encryption, a radio observer can see:

- That LoRa transmissions are occurring on the frequency
- The approximate timing and frequency of transmissions
- Some packet header fields that are not encrypted (node IDs, hop count)

They cannot see message content, sender names, or channel names if a custom PSK is in use.

## Practical Recommendations

- For community chat where privacy isn't critical: default channel is fine
- For any sensitive coordination: create a custom channel with a random PSK
- For private one-on-one messages: use DMs with firmware 2.3+ on both ends
- For highly sensitive communications: LoRa mesh is supplemental - use Signal or other end-to-end encrypted messaging for truly sensitive content