[Cryptography] WireGuard

Jerry Leichter leichter at lrw.com
Thu Aug 30 07:11:43 EDT 2018


WireGuard - white paper at https://www.wireguard.com/papers/wireguard.pdf - is a new secure IP technology.  Perhaps the best quick summary is that it's IPSec with all the complexity drained out - to the point that the implementation (without the actual crypto) comes to about 4000 lines of code.

The paper talks about the Linux implementation.  There has since been a BSD implementation, which is also available - all this is open source - on MacOS.

The white paper reveals what appears to be really good and clever design and engineering.  Some of the basic principles are things we've discussed (and argued about) repeatedly here - e.g., *one* choice of crypto configuration, no "algorithm agility", no negotiation at startup.

I'm wondering if others here have looked at WireGuard and have any insight into the reality.

Metacomment:  We seem to be in a new phase for public cryptography.  The first phase was the pre-history, when crypto was available only from a few companies - especially IBM.  Then we had a burst of public standardization, from algorithms (AES) to protocols (SSL on the ad hoc side; IPSec on the de jure side).  The standards had two features:  In general, beyond some of the base algorithms, they were extremely complex and difficult to get right (in many cases, we now know or strongly suspect, due to "enemy action"); and for years they "froze the market":  It was difficult to get "approval" for any crypto not based on these standards - from government, from industry, and even in discussion groups like this one, where we've generally told people "don't try to roll your own, just use the established standards".

Over the last couple of years, this has started to change.  DJB (certainly not alone, but his name keeps showing up) with new algorithms and some new base protocols.  OTR was able to establish itself because there really was no "standard" competitor.  ssh has always been there in the background, but its notion of "endpoint continuity" for secure key exchange - as a replacement for the "standardized" certificate authority model - has seen increasing acceptance.  And now we are seeing WireGuard, which is actually built on a number of other "non-standard" components.

Computer technology goes through these kinds of cycles.  It was not so many years ago when it was "obvious" that certain things were fixed forever:  The Intel x86 ISP was the end of CPU evolution; C was the low-level language; Windows was the OS; VB was the high-level language; desktops were the form factor.  All those moments lost in time, like tears in rain.

Phillip Hallem-Baker:  It seems that your Mesh work may be arriving at the right point in history.  :-)
                                                        -- Jerry




More information about the cryptography mailing list