I am just getting started with MQTT and Mosquitto. I have a Shelly Flood Sensor I connect to the Mosquitto Broker on a Pi.
Because the Password file of Mosquitto creates a Password Hash I was hopeful that unencrypted MQTT Traffic uses at least the hash to Authenticate at the Broker. Well a Traffic Capture revealed something else.
I asked my Teacher about this and he said, that this is the norm. ChatGPT on the otherhand does not confirm this. Therefore i am looking for some confirmation.
Now i am aware that TLS would fix the issue. Unfortunatley i don’t have a device that supports TLS.
Thanks for your Help!