
A lot of Meshcore/Meshtastic stations popping up lately all over the world too.

Repeaters/Routers can, if you put a bit of love into highly efficient 3.3V generation, run forever on a 6V solar cell and an 18650 LiPo.

I've tested 60km with an 868MHz LoRa station using a shabby 5dBi omni antenna. Just ran out of hills to test more.

But not as easy to use as BLE(+BLE Meshing) which is basically integrated into every smartphone.





I looked into Meshtastic a while ago and they use AES with no authentication tags. Also decryption happens on the LoRa device, which is a lot easier to crack with physical access compared to my phone. Even if you delete the messages it's still possible to decrypt sniffed LoRa traffic if, at some point in the future, one device gets captured.

I'd rather the protocol gets updated so the crypto key can stay on the phone.


There are a few issues that have been brought to light in the last couple of years at Hackfest and other events related to LoRaWAN / Meshtastic (and derivatives). I think the most notable was the failure in entropy generated during the flashing process, detailed here: https://nvd.nist.gov/vuln/detail/CVE-2025-52464

I think we're a bit past the initial AES issues, at least the Meshtastic project promptly alerted people to their crypto issues and encouraged everyone to update firmware asap.

It's not too hard to use, as long as the hardware is flashed and ready. For the end user, it's an app that connects to a Bluetooth connection. I think it would be very trivial to have a few good LoRaWAN ops in the community, flashing nodes en masse and handing them out to peers.


Agreed – and MeshCore follows a similar "security on the radio" design.

With the "cell phone + companion radio" setup which is currently very popular, it would seem the correct solution is to perform encryption on the phone – using the Signal protocol – and use the companion radio only to send/receive these blobs.

This has the added benefit that you can pair with _any_ arbitrary companion radio, rather than your identity being tied to one specific radio you own.


Many radios don't have "a phone".

No, but all MeshCore radios operating in Companion Radio mode do, which is what my post is about.


