You send a message on Meshtastic from a hillside, and it hops through several strangers' nodes before reaching your friend two valleys over. Anyone with a Meshtastic device and a radio receiver could technically pick up those transmissions. So the obvious question is: can they read them?
Meshtastic encryption is the answer to that question, and it is better than most people assume. The short version is that your messages are encrypted with AES-256, one of the strongest symmetric encryption algorithms in existence. The longer version involves understanding how the key system works, where the weak points actually are, and what "secure" genuinely means in a mesh radio context.
What encryption Meshtastic uses
Meshtastic encrypts message payloads using AES-256 in CTR mode. AES-256 is the same algorithm used to protect classified government communications and to secure the HTTPS connection to your bank. The 256 refers to the key length in bits. Brute-forcing it is not a practical attack; it would take longer than the age of the universe on any realistic hardware.
Every channel in Meshtastic has a shared symmetric key. Anyone who knows the key can read messages on that channel. Anyone who does not know the key cannot, regardless of whether they can physically receive the radio transmissions. Encryption occurs on the device before the message is transmitted, so even nodes relaying your packets in the middle of the mesh cannot read the content.
The default channel and what it means for privacy
Here is the part that catches people out. The default Meshtastic channel, often called LongFast, ships with a publicly known key. It is the same key across all out-of-the-box Meshtastic devices worldwide. This default key is not a secret. It is published in the Meshtastic source code.
That means messages on the default channel are technically encrypted, but practically public. Any Meshtastic user anywhere in the world could read them if they were in range, because every device knows the default key. The encryption protects against passive radio monitoring with generic equipment, but not against anyone running Meshtastic.
This is by design. The default channel is meant for discovering the local mesh and making initial contact. It is not meant for private communication.
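The sections above describe three parties: the sender who encrypts, the relays that forward bytes they cannot read, and a receiver who either has the key or does not. The following Go program is an added example (not Meshtastic's own code) that plays out that story with AES-256 in CTR mode from the standard library. It compares a "default" channel whose key everyone has with a private channel whose key only the sender and friend hold. The header layout, the nonce construction, and the placeholder default key are all assumptions made for the example; the real default key lives in the Meshtastic source and is deliberately not reproduced. The header fields the relay sees in the clear are the same kind of metadata the article returns to under "Where the actual risks are".

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/binary"
	"fmt"
)

// Message is the constructed sample text used in the walkthrough.
const Message = "meet at the ridge at noon"

// Header holds what a relaying node needs to route a packet, so it travels in
// the clear. It is a simplified stand-in for Meshtastic's real header (an
// assumption for this example): an observer learns who sent what to whom and
// how many hops remain, never the text.
type Header struct {
	From     uint32 // sender node ID
	To       uint32 // destination node ID (0xFFFFFFFF means broadcast)
	PacketID uint32 // per-packet counter, also feeds the CTR nonce
	HopLimit uint8  // decremented by every relay
}

// Packet is a cleartext header plus an AES-CTR encrypted payload.
type Packet struct {
	Header  Header
	Payload []byte
}

// nonce builds the 16-byte CTR nonce from header fields. CTR is a stream
// cipher, so a nonce must never repeat under one key; tying it to sender ID
// and packet ID is one reason those fields stay in the clear. The byte layout
// here is an assumption, not Meshtastic's.
func nonce(h Header) []byte {
	n := make([]byte, 16)
	binary.LittleEndian.PutUint32(n[0:4], h.PacketID)
	binary.LittleEndian.PutUint32(n[8:12], h.From)
	return n
}

// ctrXOR runs AES-CTR under a 32-byte (AES-256) key. Encryption and decryption
// are the same XOR with the keystream. A bad key length is a programming
// error in this example, so it panics rather than returning an error.
func ctrXOR(key []byte, h Header, data []byte) []byte {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	out := make([]byte, len(data))
	cipher.NewCTR(block, nonce(h)).XORKeyStream(out, data)
	return out
}

// Send encrypts on the originating node, before anything reaches the radio.
func Send(key []byte, h Header, msg string) Packet {
	return Packet{Header: h, Payload: ctrXOR(key, h, []byte(msg))}
}

// Relay is all an intermediate node does: decrement the hop limit and forward
// the ciphertext untouched. It holds no key and needs none.
func Relay(p Packet) Packet {
	p.Header.HopLimit--
	return p
}

// Receive decrypts with whatever key the receiving node holds. A wrong key
// does not fail loudly; it yields keystream garbage.
func Receive(key []byte, p Packet) string {
	return string(ctrXOR(key, p.Header, p.Payload))
}

// Walkthrough sends Message on the default channel and on a private channel,
// relays both, and records what each party recovers.
func Walkthrough() map[string]string {
	// Placeholder for the published default key. The real value is in the
	// Meshtastic source; any fixed, well-known 32 bytes make the point.
	defaultKey := bytes.Repeat([]byte{0x01}, 32)
	// A private channel key is simply 32 random bytes nobody else has.
	privateKey := make([]byte, 32)
	if _, err := rand.Read(privateKey); err != nil {
		panic(err)
	}
	hdr := Header{From: 0x1A2B3C4D, To: 0xFFFFFFFF, PacketID: 42, HopLimit: 3}

	p := Relay(Send(defaultKey, hdr, Message))
	q := Relay(Send(privateKey, hdr, Message))
	return map[string]string{
		// Every device knows the default key, so a stranger reads this one.
		"default/stranger": Receive(defaultKey, p),
		// Only holders of the private key get the text back.
		"private/friend": Receive(privateKey, q),
		// The same stranger, trying the only key they have, gets garbage.
		"private/stranger": Receive(defaultKey, q),
		// What the relay (or any radio listener) actually sees.
		"private/relay_sees": fmt.Sprintf("from=%08x to=%08x hops=%d payload=%x",
			q.Header.From, q.Header.To, q.Header.HopLimit, q.Payload),
	}
}
```

Printing the map from a `main` shows the default-channel message readable by the stranger, the private-channel message readable only by the friend, and the relay's view consisting of node IDs, a hop count and hex ciphertext. Note that CTR mode alone does not detect a wrong key or a tampered payload; that is a property of the mode, not a Meshtastic bug, and it is why the shared key has to be kept private rather than relied on as a login.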
How private channels work
To have genuinely private messaging, you create a custom channel with a unique key. Meshtastic generates this key from a passphrase you choose, using a derivation process that produces a 256-bit AES key. You then share the channel configuration, including the name and key, with the people you want to communicate with.
A well-chosen passphrase produces a key that no one else knows. Messages on that channel can only be read by devices that have the same key configured. Nodes in the middle of the mesh that relay your packets do not have the key and cannot decrypt the payload. They forward an encrypted blob they cannot read.
The security model here is sound. AES-256 with a unique key, whether generated randomly or derived from a long random passphrase, is genuinely strong. The weak point is not the encryption algorithm. It is the humans managing the keys.
Where the actual risks are
The encryption itself is not the vulnerability. The risks are elsewhere.
Key sharing is the biggest one. The moment you share a channel configuration with someone, you have created a copy of the key outside your control. If that person shares their channel QR code carelessly or their device is seized, your channel is compromised. Unlike asymmetric encryption schemes, where each person has their own private key, everyone on a Meshtastic channel shares the same secret. Lose one device with the key on it, and you need to assume the whole channel is compromised and rotate to a new one.
Metadata is another consideration. Meshtastic encrypts the message payload, but some information travels in the clear: the sender's node ID, the packet headers, timestamps, and hop counts. An adversary monitoring the radio channel cannot read your messages, but they can tell that node X sent a packet at a given time, how far it travelled, and roughly where it originated. For most use cases, this is fine. For high-risk operational security situations, it is worth knowing.
Physical access to a device is a total compromise. If someone gets hold of a node that stores your channel key, they have the key. Meshtastic does not currently offer encrypted storage or a PIN to protect the device configuration, though this is an area the project has discussed. Treat a seized Meshtastic node the same way you would a phone with no screen lock: assume everything on it is readable.
What about the radio transmission itself?
Some people ask whether LoRa transmissions can be intercepted at the radio level, bypassing the Meshtastic software entirely. The answer is yes, technically, but it does not help an attacker read your messages.
A determined person with a software-defined radio and the right tools can capture the raw LoRa packets from the air. They can decode the LoRa modulation and extract the bytes. What they get is an encrypted ciphertext. Without the AES key, those bytes are meaningless. The fact that the radio layer is physically accessible does not undermine the encryption above it.
This is the correct design. Meshtastic does not rely on the radio being hard to intercept for its security. It assumes the radio can be intercepted and encrypts the payload anyway.
Is Meshtastic secure enough for sensitive communication?
For most use cases, yes. Hiking groups, community networks, event coordination, emergency comms with friends and family: AES-256 with a private channel key is more than sufficient. No casual eavesdropper is going to read your messages. Even a well-resourced attacker cannot brute-force the encryption.
For genuinely high-risk scenarios, such as journalists in authoritarian environments or activists where device seizure is a real threat, the metadata exposure and the shared-key model mean Meshtastic is not a drop-in replacement for something like Signal. The tools are different and designed for different threat models. Meshtastic is a radio mesh network built for resilience and range. Signal is an end-to-end encrypted messaging app designed around individual identity and forward secrecy. They do different things well.
One practical tip: if you are setting up a private Meshtastic network for any serious purpose, create a custom channel, use a long, random passphrase rather than a memorable word, and agree with your group to rotate the channel key if any device is lost or compromised. These are basic key hygiene practices, and they keep the encryption doing its job.
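Two points above call for one worked example: "How private channels work" describes turning a passphrase into a 256-bit key that every member derives identically, and the tip just given says a long random passphrase beats a memorable word. The Go code below is an added illustration, not Meshtastic's own derivation: it uses PBKDF2 with HMAC-SHA256 (written out so it needs only the standard library), salted with the channel name, and then puts numbers on the passphrase advice by computing how many bits of the 256-bit key space a guessable passphrase actually leaves. The iteration count, the salt prefix and the 10,000-word dictionary size are assumptions.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"encoding/binary"
	"math"
)

// Iterations makes each derivation cost real work, so guessing passphrases is
// slow. The value is an assumption for this example.
const Iterations = 100_000

// pbkdf2SHA256 is PBKDF2 (RFC 8018) with HMAC-SHA256 as the PRF, written out
// here rather than pulled from an external module.
func pbkdf2SHA256(pass, salt []byte, iter, keyLen int) []byte {
	prf := hmac.New(sha256.New, pass)
	var out []byte
	for block := 1; len(out) < keyLen; block++ {
		// U1 = PRF(pass, salt || INT(block)), big-endian block index.
		prf.Reset()
		prf.Write(salt)
		var idx [4]byte
		binary.BigEndian.PutUint32(idx[:], uint32(block))
		prf.Write(idx[:])
		u := prf.Sum(nil)
		t := append([]byte(nil), u...)
		// T = U1 xor U2 xor ... xor Uc, each U_i = PRF(pass, U_{i-1}).
		for i := 1; i < iter; i++ {
			prf.Reset()
			prf.Write(u)
			u = prf.Sum(nil)
			for j := range t {
				t[j] ^= u[j]
			}
		}
		out = append(out, t...)
	}
	return out[:keyLen]
}

// DeriveChannelKey turns a passphrase into a 32-byte AES-256 key. Every device
// that enters the same passphrase and channel name derives the same key, which
// is what lets members read each other's traffic; the same passphrase on a
// different channel name gives an unrelated key. (PBKDF2 and the salt choice
// are assumptions; Meshtastic's own derivation is not reproduced here.)
func DeriveChannelKey(passphrase, channelName string) []byte {
	salt := []byte("meshtastic-channel:" + channelName)
	return pbkdf2SHA256([]byte(passphrase), salt, Iterations, 32)
}

// RandomPassphrase builds a passphrase from nBytes of OS randomness and
// reports the entropy it carries (8 bits per byte). Base64 keeps it typeable
// for sharing out of band.
func RandomPassphrase(nBytes int) (string, float64, error) {
	buf := make([]byte, nBytes)
	if _, err := rand.Read(buf); err != nil {
		return "", 0, err
	}
	return base64.RawStdEncoding.EncodeToString(buf), 8 * float64(nBytes), nil
}

// DictionaryWordEntropy is the entropy of one word chosen from a dictionary of
// the given size: a "memorable word" is at best this strong.
func DictionaryWordEntropy(dictSize int) float64 {
	return math.Log2(float64(dictSize))
}

// EffectiveKeyBits is how strong the derived key really is. The AES-256 key
// space is 256 bits, but a guessable passphrase shrinks an attacker's search
// to the passphrase's own entropy, no matter how good the cipher is.
func EffectiveKeyBits(passphraseEntropy float64) float64 {
	return math.Min(passphraseEntropy, 256)
}
```

A single word from a 10,000-word list yields roughly 13 bits of effective strength, while 32 random bytes yield the full 256; the cipher is identical in both cases, only the key material differs. The same function also covers the rotation advice: losing a device means picking a fresh `RandomPassphrase` and re-deriving on every remaining member, since the old key is now outside your control.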
The bottom line
Meshtastic's encryption is real and strong. AES-256 on a custom private channel is not a token gesture. Your messages cannot be read in transit by anyone without the key, regardless of whether they can intercept the radio signal.
The realistic risks are about key management and device security, not about cracking the cipher. Keep your keys private, protect your devices, and know that the default channel is not private by design. Do those things, and the encryption does exactly what it promises.