Womp womp. is not great. On a positive note, I managed to notice this by reviewing the code myself before I searched for an issue!

github.com/meshcore-dev/MeshCo

@mauve I am not an #InfoSec person so I really appreciate you finding this issue and posting about it. I am new to MeshCore and liked that it’s “more secure” than Meshtastic (a good selling point) but to be honest have not seen anyone outside the lead dev audit this claim in any way until now.

And I’m a bit horrified by the defensive responses to the original issue. :( I thought this open source project was going to behave better than that.

@scott I don't think the responses in the thread are too bad tbh. It could be going way worse! Hopefully there will be a migration to a stronger scheme eventually. Even just deriving part of the IV from somewhere.
