[Cryptography] How to De-Bollocks Cryptography?
Ralf Senderek
crypto at senderek.ie
Wed Aug 14 09:46:12 EDT 2024
On Mon, 12 Aug 2024, Peter Gutmann wrote:
> Kent Borg <kentborg at borg.org> writes:
>
> > If only there were someone with some common sense and visibility and
> > cryptography credentials to lead an effort to define a "TLSsimple" standard.
>
> We've already got it, it's called WireGuard. One guy came up with a better
> design than more than two decades of continuous work by standards committees
> could produce, and despite being (figure randomly pulled from thin air) twenty
> times smaller than IPsec and TLS, no-one seems to be upset about all the
> essential and critical features that it doesn't have.
>
> It also seems to be a helluva lot more secure than either IPsec or TLS have
> been, probably because it's not packed with said "features". In fact it
> pretty much follows the design thinking I mentioned towards the end of the
> Bollocks talk that leads to really hard-to-compromise designs, one cipher
> suite, one mode, and not much more.
What's interesting from a practical view is the way they omit the whole PKI
nonsense. WireGuard is for use cases in which one party A knows which
other party B they want to exchange information with securely.
WireGuard introduces something they call "Cryptokey routing". Every participating
machine with a working IP address is identified by a 32 byte string that works
as a public key for ECDH key exchange. This 32 byte string is recorded in the
"Cryptokey Routing Table" of every other machine that wants to establish
a secure connection together with the allowed IP range of the other peer.
This range could be limited to a single IP or more.
Once the "Cryptokey routing tables" of every participating peer are set up,
the WireGuard virtual interfaces (wg0) are fired up and data can float
between the peers (authenticated and encrypted).
That's it from the user's point of view.
So packets arriving from not-allowed IPs are dropped. And after the initial
handshake, only authenticated data from the established peer comes out of
the interface wg0. The rest is silence!
If you want to connect to an arbitrary internet host, it's nothing for you.
But if you know what your destination is, WireGuard is a good try. And
BTW it's not fiction, but audited minimal code that can be installed on
most OSes, not just Linux.
-ralf
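The cryptokey routing behaviour described above (peer key mapped to AllowedIPs, destination picks the peer, inner source address checked against the authenticated peer's range, everything else dropped), modelled as an added example that is not part of the post or of the WireGuard project's code. The 32-byte keys are constructed placeholders and no real cryptography is performed; only the table logic is shown.

```python
import ipaddress

# Constructed 32-byte stand-ins for Curve25519 public keys (not real keys).
PEER_B = bytes([0xB0]) * 32
PEER_C = bytes([0xC0]) * 32


class CryptokeyRoutingTable:
    """Toy model of a WireGuard interface's cryptokey routing table."""

    def __init__(self):
        self._allowed = {}  # peer public key -> list of ip_network

    def add_peer(self, pubkey, allowed_ips):
        if len(pubkey) != 32:
            raise ValueError("WireGuard public keys are exactly 32 bytes")
        self._allowed[pubkey] = [ipaddress.ip_network(n) for n in allowed_ips]

    def peer_for_destination(self, dst):
        """Outbound: the peer whose AllowedIPs contain dst; longest prefix wins.
        Returns None when no peer matches, i.e. the packet is dropped."""
        addr = ipaddress.ip_address(dst)
        best = None
        for key, nets in self._allowed.items():
            for net in nets:
                if addr in net and (best is None or net.prefixlen > best[1]):
                    best = (key, net.prefixlen)
        return None if best is None else best[0]

    def accept_inbound(self, sender_pubkey, inner_src):
        """Inbound: the sender was already authenticated by the handshake;
        the decrypted packet's source must lie in that peer's AllowedIPs,
        otherwise it is silently dropped (a spoofed inner source)."""
        addr = ipaddress.ip_address(inner_src)
        return any(addr in net for net in self._allowed.get(sender_pubkey, []))


def build_table():
    t = CryptokeyRoutingTable()
    t.add_peer(PEER_B, ["10.0.0.2/32"])                    # a single host
    t.add_peer(PEER_C, ["10.0.1.0/24", "192.168.5.0/24"])  # wider ranges
    return t


if __name__ == "__main__":
    t = build_table()
    print(t.peer_for_destination("10.0.1.7") == PEER_C)  # routed to peer C
    print(t.peer_for_destination("8.8.8.8"))             # None: no such peer
    print(t.accept_inbound(PEER_B, "10.0.0.2"))          # True
    print(t.accept_inbound(PEER_B, "10.0.1.7"))          # False: wrong source
```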