# Edge & MoCA Encryption



## tetu81 (Jan 6, 2005)

Hi all,

I upgraded from a Bolt to an Edge and kept my two Minis in place. I was happily using a MoCA network with encryption with the Bolt as the bridge to get connectivity to the Minis. I can't for the life of me get the Edge and Minis to connect when I enable MoCA encryption. They work fine without encryption.

TiVo Support tells me they don't think MoCA encryption works and always suggest not to use it. More alarmingly, they don't think I even need the PoE filter I have so I'm not sure the agent I spoke to understood my security concerns.

Is anyone using MoCA encryption on their Edge acting as the bridge? Any tips? Or do I just give up and let the PoE be my only protection?

Thanks!


----------



## dianebrat (Jul 6, 2002)

Considering that your POE blocks data from possibly leaking out I'd say IMNSHO MoCA encryption is overkill and I'd see if your issues go away with it gone.


----------



## krkaufman (Nov 25, 2003)

To be fair, TiVo needs to ensure that the MoCA interface can be configured per spec, tweaking channel, privacy, etc.; but I wouldn't put my life on hold waiting for TiVo. If privacy is required, and someone else can confirm a current issue with the EDGE and MoCA encryption, then adding a standalone MoCA adapter to proxy the EDGE's MoCA connection would be a short-term workaround.

As for a physical "PoE" MoCA filter being a sufficient security measure, that's up to the user, dependent on their risk acceptance and physical plant (including location and physical security of the "PoE" MoCA filter). The uber-cautious take:



krkaufman said:


> ... highlights a common security risk associated with MoCA installs, where the cable distribution point, and therefore the "PoE" MoCA filter installation location, is outside the home, unsecured. It can be a bit like putting a Gigabit switch on the outside wall of your house.
> 
> From Andrew Hunt's "MoCA: Operation and Security Posture" paper presented to DEFCON:
> 
> ...


----------



## tetu81 (Jan 6, 2005)

Thanks dianebrat and krkaufman; appreciate your input!

I like the suggestion of using a standalone MoCA adapter to create the MoCA network and connect the Minis that way, bypassing whatever is going on with the Edge's inability to create a MoCA network with encryption.

WRT physical plant, I'm in a high rise condo building so I am somewhat confident that the single coax in from the phone room to my unit is the right place to put the PoE filter with little risk of unseen splitters.

I asked for the case to be escalated to another level of support so I'll update here if I get anything useful.


----------



## krkaufman (Nov 25, 2003)

krkaufman said:


> If privacy is required, and someone else can confirm a current issue with the EDGE and MoCA encryption,


FYI... Another user seemingly suffering from the same issue:

MOCA Networking Problem (Edge, with Older Mini)



mike-d said:


> I also use an encryption key


----------



## mike-d (Dec 12, 2013)

krkaufman said:


> FYI... Another user seemingly suffering from the same issue:
> 
> MOCA Networking Problem (Edge, with Older Mini)
> 
> ​





tetu81 said:


> Hi all,
> 
> I upgraded from a Bolt to an Edge and kept my two Minis in place. I was happily using a MoCA network with encryption with the Bolt as the bridge to get connectivity to the Minis. I can't for the life of me get the Edge and Minis to connect when I enable MoCA encryption. They work fine without encryption.
> 
> ...


_I have a ECB6000 as the Moca bridge, with encryption on. My problem is the my new Edge will not connect using Moca 1.1, when I try to add my Old A92 Mini to the network. It will connect using Moca 2.0 (with encryption) with my bolt and newer mini vox. I had not considered that encryption was the issue. Perhaps your issue is the same as mine, if you have an older A92 or A93 mini which only support moca 1.1? I was also fine with all the same equipment running moca 1.1 (forced down to 1.1 because of my old minis) with encryption, until I added the Edge in place of the Bolt. So the issue could be the Edge with moca 1.1, and/or encryption???
And - You should always have a POE Filter, encryption is just an additional measure._


----------



## mike-d (Dec 12, 2013)

tetu81 said:


> Hi all,
> 
> I upgraded from a Bolt to an Edge and kept my two Minis in place. I was happily using a MoCA network with encryption with the Bolt as the bridge to get connectivity to the Minis. I can't for the life of me get the Edge and Minis to connect when I enable MoCA encryption. They work fine without encryption.
> 
> ...


See my other post, above, and are your MINis the older A92 or A93 (Moca 1.1) models? My Mini Vox connects fine (with encryption), the older ones seem to cause the issue. Thx


----------



## krkaufman (Nov 25, 2003)

One thing I'm left wondering (absent the ability to test any theories) is whether the make-up of the encryption/privacy password makes a difference. i.e. Whether a simple lowercase-only alphanumeric key, or a key w/ special characters or spaces?


----------



## mike-d (Dec 12, 2013)

krkaufman said:


> One thing I'm left wondering (absent the ability to test any theories) is whether the make-up of the encryption/privacy password makes a difference. i.e. Whether a simple lowercase-only alphanumeric key, or a key w/ special characters or spaces?


Moca encryption keys/passwords are 12 to 17 numbers.


----------



## doconeill (Dec 13, 2002)

Just thought I'd add some data...I had a MoCA 1.1 network using an ECB2500C as a bridge off a router for years - it handled two TiVo HDs, a Premiere XL4, and a Bolt+ fine. The HDs are retired, and the Premiere XL4 started having issues so I got the Edge this past week. I did have an encryption key set, which I vaguely remember setting up on all the ECB2500Cs, but I can't find any instructions on how to do that now. Due to the wiring in my house, I have two different networks, with a wireless bridge between.

The Edge refused to connect at all on MoCA, and I started having issues having the Bolt+ and Premiere - I couldn't get both to work at the same time, even if the Edge wasn't. I got the Bolt+ and Edge working on the primary Wi-Fi instead, and got the TiVo Bridge Plus (aka ECB6200) - put that in place of the old ECB2500C, and the Bolt+ and Edge are playing perfectly nice. 

So it does seem like the Edge does not like MoCA 1.1, even though it should be compatible.


----------



## almoney (Jan 5, 2008)

Good morning, I upgraded to an Edge since my one of my old Bolts started having trouble waking up from sleep. Disk is probably the issue. Any case the Edge would not connect to my MOCA network as the first gen Bolt had been bridging the network for years. After reading this forum I gave up on encryption and the MOCA network started working. I wanted to say that the Cisco Tuning adapter _successfully_ passes MOCA so the extra wiring is not required. I will complain as others have to TiVo since my EDGE is brand new. Downgrading to MOCA 1.1 and encryption should work.


----------



## krkaufman (Nov 25, 2003)

almoney said:


> I wanted to say that the Cisco Tuning adapter _successfully_ passes MOCA so the extra wiring is not required.


Sure, but you likely have a simple setup.

What does your EDGE or Mini's report for MoCA "TX power estimate"? MoCA gear has built-in power adjustment functionality, and the attenuation associated with passing the MoCA signal through the TA's pass-through port is surely making the MoCA gear work harder than it needs to, and risks connectivity issues were you to expand the coax network, potentially putting the node-to-node loss above allowed specs (58 dB).


----------



## almoney (Jan 5, 2008)

krkaufman said:


> Sure, but you likely have a simple setup.
> 
> What does your EDGE or Mini's report for MoCA "TX power estimate"? MoCA gear has built-in power adjustment functionality, and the attenuation associated with passing the MoCA signal through the TA's pass-through port is surely making the MoCA gear work harder than it needs to, and risks connectivity issues were you to expand the coax network, potentially putting the node-to-node loss above allowed specs (58 dB).


Thank you for your interest. I have had no issues for years with MoCA bridging. Info from the EDGE:








I had to turn off encryption to re-establish the network.


































Sent from my iPhone using Tapatalk


----------



## krkaufman (Nov 25, 2003)

almoney said:


> I have had no issues for years with MoCA bridging. Info from the EDGE:


With TX power at 2dB, you're near the max amplification of 3dB, along the lines of what was expected. (i.e. MoCA gear having to work harder to maintain a connection.) FWIW, the power adjustment range is -30 to +3 dB.



almoney said:


> I had to turn off encryption to re-establish the network.


Yeah, that seems to be an issue with the EDGE's MoCA hardware/software.


----------



## southerndoc (Apr 5, 2003)

Reviving an old thread after purchasing a new Edge (even bit the bullet and bought another Mini for my office on top of the 7 I already have). Three of my Minis are connected via MoCA, 2 via WiFi, and the rest via ethernet. 

I tried turning on encryption, but one of them will not connect to my Edge. I think it's the older Mini model because I have an RF adapter on it for the remote control (talk about old!).

Reading this thread shows that encryption is probably the cause.

Out of curiosity, does encryption offer any benefits in a residential environment with a filter going to the outside?

What would be the optimum channel to use? There are no other MoCA networks in my house.


----------



## dianebrat (Jul 6, 2002)

southerndoc said:


> Out of curiosity, does encryption offer any benefits in a residential environment with a filter going to the outside?


Zero benefits, you can turn it off without risk unless someone inside the house wants to attack the network


----------



## southerndoc (Apr 5, 2003)

dianebrat said:


> Zero benefits, you can turn it off without risk unless someone inside the house wants to attack the network


Any thoughts on channel selection?


----------



## dianebrat (Jul 6, 2002)

southerndoc said:


> Any thoughts on channel selection?


It shouldn't matter, default should be fine


----------

