Is Meshtastic encrypted? Can anyone read my messages?
Short Answer
Meshtastic messages are encrypted, but the level of protection depends on which channel you're using. The default channel (LongFast) uses a known public key and provides essentially no privacy. Custom channels with randomly generated keys provide strong message confidentiality.
The Default Channel: Not Private
The default Meshtastic channel uses a Pre-Shared Key (PSK) of AQ==, a single zero byte that is publicly known and documented. Any Meshtastic user in radio range can read messages on the default channel, including the Meshtastic app developers and anyone who has read the public documentation.
The default channel is suitable for public community communication where privacy isn't a concern. Do not send anything private on the default channel.
Custom Channels: Strong Privacy
When you create a channel with a randomly generated PSK (using the app's random key generator), that PSK is a 256-bit AES key that cannot be recovered by brute force with current technology. Messages on this channel are readable only by nodes that have the same PSK.
Encryption security: AES-256-CTR is the same cipher used for securing classified government information. The cryptography is sound. The risk is not in the cipher; it's in key management (how you distribute the PSK to your community).
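One way to check channel keys against the two cases described above, as an added example that is not from the original page or the Meshtastic project: it generates a 256-bit PSK from the operating system's random source and flags the default AQ== key or any key that is not 32 random-looking bytes. The function names, the sample channel list and the distinct-byte heuristic are assumptions of this example.

```python
import base64
import binascii
import secrets

DEFAULT_PSK_B64 = "AQ=="  # default channel PSK as given on this page
KEY_BYTES = 32            # 256-bit AES key


def generate_psk() -> str:
    """Return a fresh 256-bit PSK from the OS CSPRNG, base64-encoded."""
    return base64.b64encode(secrets.token_bytes(KEY_BYTES)).decode("ascii")


def audit_psk(psk_b64: str) -> str:
    """Classify a base64 PSK: 'public-default', 'invalid', 'weak' or 'ok'."""
    try:
        key = base64.b64decode(psk_b64, validate=True)
    except (binascii.Error, ValueError):
        return "invalid"
    if key == base64.b64decode(DEFAULT_PSK_B64):
        return "public-default"  # readable by anyone in radio range
    if len(key) != KEY_BYTES:
        return "weak"            # not the 256-bit key described above
    # Heuristic (assumption of this example): 32 random bytes practically
    # never contain fewer than 16 distinct values; typed or padded keys do.
    if len(set(key)) < 16:
        return "weak"
    return "ok"


def audit_channels(channels: dict) -> dict:
    """Map each channel name to the audit result for its PSK."""
    return {name: audit_psk(psk) for name, psk in channels.items()}


# Constructed sample data: channel name -> base64 PSK
SAMPLE_CHANNELS = {
    "LongFast": "AQ==",
    "ops": base64.b64encode(b"password" * 4).decode("ascii"),  # 32 bytes, patterned
    "family": generate_psk(),
    "typo": "not base64!",
}

if __name__ == "__main__":
    for name, verdict in audit_channels(SAMPLE_CHANNELS).items():
        print(f"{name:10s} {verdict}")
```

A result of "ok" only says the key has the right length and is not obviously patterned; it cannot tell whether the key has been shared with someone it should not have been.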
Direct Messages: Even Better (Firmware 2.3+)
Direct messages in Meshtastic 2.3+ use ECDH key exchange, which provides:
- End-to-end encryption between just sender and recipient
- Forward secrecy (past messages remain private if a key is later compromised)
- No shared secret to distribute: keys are derived automatically
What an Eavesdropper Can See
Even with properly configured channel encryption, a radio observer can see:
- That LoRa transmissions are occurring on the frequency
- The approximate timing and frequency of transmissions
- Some packet header fields that are not encrypted (node IDs, hop count)
They cannot see message content, sender names, or channel names if a custom PSK is in use.
Practical Recommendations
- For community chat where privacy isn't critical: default channel is fine
- For any sensitive coordination: create a custom channel with a random PSK
- For private one-on-one messages: use DMs with firmware 2.3+ on both ends
- For highly sensitive communications: LoRa mesh is supplemental; use Signal or other end-to-end encrypted messaging for truly sensitive content