[GTALUG] Questions on wireguard and networking
Dhaval Giani
dhaval.giani at gmail.com
Wed Oct 3 11:27:26 EDT 2018
On Wed, Oct 3, 2018 at 7:54 AM James Knott via talk <talk at gtalug.org> wrote:
>
> On 10/03/2018 10:36 AM, o1bigtenor via talk wrote:
> > Found what looks to be a quite interesting vpn 'system' called wireguard.
>
> "WireGuard^® is an extremely simple yet fast and modern VPN that
> utilizes *state-of-the-art cryptography
> <https://www.wireguard.com/protocol/>*. It aims to be faster
> <https://www.wireguard.com/performance/>, simpler
> <https://www.wireguard.com/quickstart/>, leaner, and more useful than
> IPSec, while avoiding the massive headache. It intends to be
> considerably more performant than OpenVPN."
>
> Be very, VERY careful about cryptography that hasn't been extensively
> verified by experts. Even ones that have still have flaws discovered
> occasionally.
>
*THIS*
Having said that, the good news about wireguard is not around those.
The author of wireguard understands that and has implemented using
well tested/verified algorithms. It is mostly around how it has
currently been implemented. The last I saw on that, the wireguard
authors are working on fixing the crypto side of things before the
networking side will be reviewed. People are interested in getting it
in, it will just take time before it is mainline.
Dhaval
More information about the talk
mailing list