Jump to content
Not connected, Your IP: 18.118.140.78
Casper31

Wireguard + post-quantum cryptography

Recommended Posts

Sadly, I think this is like promising a car that will use no fuel if you use the software for the one that uses fuel available from only one single closed source vendor today.

 

All you get is a really expensive fuel.


Debugging is at least twice as hard as writing the program in the first place.

So if you write your code as clever as you can possibly make it, then by definition you are not smart enough to debug it.

Share this post


Link to post

Post - in latin is a prefix, meaning “behind,” “after,” “later,” from the word postscript.

We haven't seen a practical quantum computer yet, so anything "post-quantum" is just a theory at this moment.

 

The most powerful "grid" today is the Bitcoin network, which is more powerful than all top 500 supercomputers

in the world (combined together), but still not big enough for breaking AES-256, and probably it will be that way

for the next forecastable period of our lifetime.

 

Wireguard is a very niche protocol that is only supported on Linux at the moment, although there are some

efforts to port it to other platforms as well, according to: https://www.wireguard.com/xplatform/

 

So far a very few users can actually benefit from it, at the current state.


Occasional moderator, sometimes BOFH. Opinions are my own, except when my wife disagrees.

Share this post


Link to post

I think too that post quantum crypto is a gadget but for using wireguard since around three months , I can say that it works like a charm (not onlly one issue during this time) and speed is really really fast !

Share this post


Link to post

I am already using it with Mullvad and it works very well and fast, even with qbittorrent. I think it's a good thing after Google tested that algorithm, called New Hope, as "promising" and with great results.

Share this post


Link to post

Five years ago, this article was posted. I enjoy reminding people that even if every computer in the world were the example supercomputer, and were slaved together to work on just one single AES-128 bit key, they could not possibly manage to break it while anyone currently alive is still alive.

https://www.eetimes.com/document.asp?doc_id=1279619

 

Currently the best supposed "Quantum" computers are basically as potent as a modern cellular phone. In other words, they suck ass. They could not manage to crack DES, and DES is a 56 bit joke of an algorithm that is not used anymore because it is plainly inferior to everything else we have. (Literally everything beats DES.)

 

If we ever have real quantum computers, we will have so many changes overnight that we will not be able to keep up. Cancer will be universally curable. Disease will basically become an outdated term that no longer applies to us at all, and so many of us will wind up in prison for something we may have done a decade or two ago that our justice departments will have to decide what sort of crimes they will bother to enforce. Oh and World War Three will be a likely contender for that time too...

 

In short, Quantum computers can and would make even impossible tasks simple. But they are not something Humans are ready for. I truly hope we never get them. We need time to grow as a species and learn from our mistakes first.

 

/rant over Good day everyone.


Debugging is at least twice as hard as writing the program in the first place.

So if you write your code as clever as you can possibly make it, then by definition you are not smart enough to debug it.

Share this post


Link to post

I am already using it with Mullvad and it works very well and fast, even with qbittorrent. I think it's a good thing after Google tested that algorithm, called New Hope, as "promising" and with great results.

It works also on Mac's

Share this post


Link to post

Not sure if anyone here belongs to airvpn staff, so i'm just gonna ask...

 

Even though it is still experimental, based on the videos i watched, it won't take long until this go into mainline kernel. Linux overlord himself has expressed interest to get this in rather sooner than later.

Can we have some plans/feedback generally about wireguard from airvpn staff?

 

People have commented that they tried mullvad, so I'm also trying it now and it works much faster thank openvpn with normal browsing (at least it feels like that, didn't do any actual measurements).

Would be nice if we can use it with airvpn even if we take into account that it is experimental tech.

Share this post


Link to post

so much noise about this "wireguard + post-quantum cryptography" that I just had to take a look.

 

So fundamentally it's about simplifying the set up of a secure channel. wireguard has nothing whatsoever to do with the underlying encryption. Its main strength (if it works as advertised) is the ability to set up lots of new channels quickly. So this would be useful if you were making ***LOTS*** of purchases from different web sites very quickly. You would then need a secure channel to each page to pay for your goods. But this is absolutely not the case when you are using a VPN to access restricted sites such as tpb. In that case you only need to set up one secure channel and all your data flows back and forth along that one channel. Yes the underlying software might need to exchange new keys every hour of so but this is no big deal for even a modest modern PC.

 

Now the one thing that wireguard promises is to simplify the process by eliminating some of the protocol layers and moving code from user space to kernel space. This is really fraught with hidden dangers and not something to be undertaken without an immense amount of beta testing - and I don't mean by Joe Public but by people that really understand security and encryption.

 

So, given that the underlying encryption schemes can be the same for wireguard and openvpn, the crunch really comes down to: do you trust old software that has been around for a long time, is well understood and has had a lot of the bugs fixed ***OR*** do you trust a piece of software that is new, makes drastic changes (to the kernel and protocol) and is relatively untested.

 

And just one last thought: it is easy to make an encrypted VPN look fast, you just use a simplified encryption algorithm ***BUT*** the crunch is would you be able to tell the difference?

Share this post


Link to post

Would really like Air to reevaluate their decision not to implement WireGuard. It's clearly no longer a "niche" thing and the sole reason I've been looking at other providers recently.

Share this post


Link to post

Would really like Air to reevaluate their decision not to implement WireGuard. It's clearly no longer a "niche" thing and the sole reason I've been looking at other providers recently.

 

We already mentioned that we are very much interested in the project. Of course selling some service now based on Wireguard would be culpable negligence, it is in testing phase and is incomplete. From the home page of the web site project:

 

WireGuard is not yet complete. You should not rely on this code. It has not undergone proper degrees of security auditing and the protocol is still subject to change. We're working toward a stable 1.0 release, but that time has not yet come. There are experimental snapshots tagged with "0.0.YYYYMMDD", but these should not be considered real releases and they may contain security vulnerabilities (which would not be eligible for CVEs, since this is pre-release snapshot software)

 

When the developers will decide the final protocol and Wireguard is released as a stable version things will change and a peer review etc. will become possible.

 

Kind regards

Share this post


Link to post

 

Would really like Air to reevaluate their decision not to implement WireGuard. It's clearly no longer a "niche" thing and the sole reason I've been looking at other providers recently.

 

We already mentioned that we are very much interested in the project. Of course selling some service now based on Wireguard would be culpable negligence, it is in testing phase and is incomplete. From the home page of the web site project:

 

>>WireGuard is not yet complete. You should not rely on this code. It has not undergone proper degrees of security auditing and the protocol is still subject to change. We're working toward a stable 1.0 release, but that time has not yet come. There are experimental snapshots tagged with "0.0.YYYYMMDD", but these should not be considered real releases and they may contain security vulnerabilities (which would not be eligible for CVEs, since this is pre-release snapshot software)

 

When the developers will decide the final protocol and Wireguard is released as a stable version things will change and a peer review etc. will become possible.

 

Kind regards

 

 

I understand your position and it is indeed a valid one. I guess I'm just coming from a different perspective since I've looked at the code myself and have been using it flawlessly for awhile now. I get the impression that warning you quoted is more of a requisite disclaimer than anything meaningful.

 

What's the harm in offering beta services to customers who are interested and well aware of any associated instability? You have a prominent beta disclaimer for your IPv6 support, so I think this could be similar (even if it's not a direct parallel comparison).

Share this post


Link to post

Hello!

 

We prefer a safer approach. Testing the implementation of a stable protocol has nothing to do with testing an experimental protocol. IPv6 is definitely not an experimental protocol since so many years: the test is on our servers settings, not on the protocol, which is stable.

 

Completely different thing is testing a protocol which is itself experimental.

 

I guess I'm just coming from a different perspective since I've looked at the code myself and have been using it flawlessly for awhile now.

 

This is anecdotal and unfortunately has no value at all.

 

Side note: IPv6 configuration completed the beta phase successfully, the disclaimer must be deleted.

 

Kind regards

Share this post


Link to post

Hello!

 

We prefer a safer approach. Testing the implementation of a stable protocol has nothing to do with testing an experimental protocol. IPv6 is definitely not an experimental protocol since so many years: the test is on our servers settings, not on the protocol, which is stable.

 

Completely different thing is testing a protocol which is itself experimental.

 

I guess I'm just coming from a different perspective since I've looked at the code myself and have been using it flawlessly for awhile now.

 

This is anecdotal and unfortunately has no value at all.

 

Side note: IPv6 configuration completed the beta phase successfully, the disclaimer must be deleted.

 

Kind regards

 

As much as I would like to test Wireguard, and I would! I really appreciate this stance.

 

Everyone always wants the latest and most shiny thing, however, sometimes we forsake what we have in lieu of that. OpenVPN is a bloated protocol, yes. However, most people here claim that they are getting almost full bandwidth saturation while using it. It is also very flexible and thoroughly tested and has been around quite awhile. What is Wireguard going to get you that you don't have currently?

 

Thank you for taking the safer approach, Air. I much prefer my privacy and security to the latest and (maybe) greatest thing.

Share this post


Link to post
Guest

 

Hello!

 

We prefer a safer approach. Testing the implementation of a stable protocol has nothing to do with testing an experimental protocol. IPv6 is definitely not an experimental protocol since so many years: the test is on our servers settings, not on the protocol, which is stable.

 

Completely different thing is testing a protocol which is itself experimental.

 

I guess I'm just coming from a different perspective since I've looked at the code myself and have been using it flawlessly for awhile now.

 

This is anecdotal and unfortunately has no value at all.

 

Side note: IPv6 configuration completed the beta phase successfully, the disclaimer must be deleted.

 

Kind regards

 

As much as I would like to test Wireguard, and I would! I really appreciate this stance.

 

Everyone always wants the latest and most shiny thing, however, sometimes we forsake what we have in lieu of that. OpenVPN is a bloated protocol, yes. However, most people here claim that they are getting almost full bandwidth saturation while using it. It is also very flexible and thoroughly tested and has been around quite awhile. What is Wireguard going to get you that you don't have currently?

 

Thank you for taking the safer approach, Air. I much prefer my privacy and security to the latest and (maybe) greatest thing.

 

I'd go so far as to argue it'd be negligent for Air to publicly test this for at least another 3 years, if not 5 or 10. AirVPN launched at least in 2012, so OpenVPN was at least 11 years old at that time. There is also the claim that using Wireguard involves logging as Hanzo22 said so for now, it's best to wait for it to fully mature.

 

For this reason Mullvad should be considered negligent by using such a protocol and avoided at all costs; you simply do not jump on the hip new thing without waiting for a proper security Audit.

Share this post


Link to post

Hello!

 

We prefer a safer approach. Testing the implementation of a stable protocol has nothing to do with testing an experimental protocol. IPv6 is definitely not an experimental protocol since so many years: the test is on our servers settings, not on the protocol, which is stable.

 

Completely different thing is testing a protocol which is itself experimental.

 

 

I guess I'm just coming from a different perspective since I've looked at the code myself and have been using it flawlessly for awhile now.

This is anecdotal and unfortunately has no value at all.

 

Side note: IPv6 configuration completed the beta phase successfully, the disclaimer must be deleted.

 

Kind regards

If someone is convinced it's a risk, then they don't test it. Slap a disclaimer on there, call everyone an idiot for opt-ing in, whatever you want, but the choice existing is what counts. You'll end up having a better implementation of it in the long-run once it's official. OpenVPN hasn't been updated in almost 6 months. Being so fervently against such a compelling alternative makes me suspicious about Air more than anything. Even Torvalds is excited about it being merged in the kernel soon. In case anyone isn't aware, here are the highlights:

  • Under 4k lines of code

  • Kernel-space only (no context switching to userspace and back)

  • Extremely efficient - fixed length fields in the protocol eliminates the need of parsers

  • Fixed efficient modern encryption. Eliminates inconsistencies in encryption and simplifies configuration.

  • No multilayer protocol handshakes.

  • No connection state. You send your packet to the interface, it will be either delivered or not - everything is handled automatically.

  • Built-in DDOS, anti-scan and attack protection - if encryption key is incorrect the server will simply not reply reducing potential threats to pretty much nothing.

  • Tiny(hundreds of bytes) size allows using it on cheap routers with just a few megabytes of ROM, on IOT, microcontrollers...

  • Very light on CPU means low battery usage. If you used OpenVPN on your phone you know how power hungry this piece of history is. Wireguard consumes nothing.

  • Scalable. You can have thousands of tunnels on one server. You can route all your traffic to a tunnel with almost no overhead. You can even implement your whole network layer on Wireguard tunnels.

  • Very easy to configure. Configuration is literally 2 lines - remote IP and key. You deal with the rest of the configuration just like if it was a local interface. And it works exactly this way.

  • Secure. Like REALLY secure. Developed by a security professional. 4k lines of code can be easily read and analyzed. And impressively it's one of the very few protocols that passed formal verification. Probably the only VPN protocol. You can read the whitepaper here

  • And it's FOSS! (no licensing controversy like with OpenVPN)

I'll stop here though, since the mods have made it clear they have zero interest in touching it anytime soon. But calling any other VPN negligent for doing so is a bit much, to say the least.

Share this post


Link to post

If someone is convinced it's a risk, then they don't test it.

 

Hello!

 

We are not convinced it's a risk. We know that current Wireguard release is experimental and the protocol is subject to change, as reported by Wireguard programmers in the home page. We will not use our customers as testers. Currently WireGuard also lacks TCP support which locks out a relevant percentage of our customers. We have already said that we are interested in it and when it is released as a stable version and properly audited we will consider it seriously.

 

At the moment it is totally unusable in our infrastructure because it lacks TCP support, lacks dynamic VPN IP assignment, and (at least the build we have seen) lacks a strictly necessary security feature (verification of the CA certificate provided by the server, therefore the client can't be sure that on the other side some hostile entity is not impersonating a VPN server).

 

Kernel-space only (no context switching to userspace and back)

 

And that would be a good thing under a security point of view because...?!? Remember that we have never liked IPsec because it works in the kernel space with a stack implementation which is poorly documented, while OpenVPN operates on userspace. Performance is irrelevant when security is the priority.

 

Very light on CPU means low battery usage. If you used OpenVPN on your phone you know how power hungry this piece of history is. Wireguard consumes nothing.

 

There is no difference in power drain between, say, Wireguard client and our Eddie client. It's the cipher you use that is decisive, because it's the encryption and decryption to load CPU and need a lot of power. Ecnryption and decryption are handled by mbedTLS or OpenSSL, obviously, not by OpenVPN.

 

You might see longer battery life with Wireguard or OpenVPN according to the cipher OpenVPN uses (while you can't change cipher in Wireguard).

 

 

OpenVPN hasn't been updated in almost 6 months.

 

OpenVPN 3 has been updated a few weeks ago.

 

And it's FOSS! (no licensing controversy like with OpenVPN)

 

OpenVPN is free and open source software released under GPL. There is no such thing as licensing controversy.

 

Kind regards

Share this post


Link to post
Guest

 

Hello!

 

We prefer a safer approach. Testing the implementation of a stable protocol has nothing to do with testing an experimental protocol. IPv6 is definitely not an experimental protocol since so many years: the test is on our servers settings, not on the protocol, which is stable.

 

Completely different thing is testing a protocol which is itself experimental.

 

 

I guess I'm just coming from a different perspective since I've looked at the code myself and have been using it flawlessly for awhile now.

This is anecdotal and unfortunately has no value at all.

 

Side note: IPv6 configuration completed the beta phase successfully, the disclaimer must be deleted.

 

Kind regards

If someone is convinced it's a risk, then they don't test it. Slap a disclaimer on there, call everyone an idiot for opt-ing in, whatever you want, but the choice existing is what counts. You'll end up having a better implementation of it in the long-run once it's official. OpenVPN hasn't been updated in almost 6 months. Being so fervently against such a compelling alternative makes me suspicious about Air more than anything. Even Torvalds is excited about it being merged in the kernel soon. In case anyone isn't aware, here are the highlights:

  • Under 4k lines of code

  • Kernel-space only (no context switching to userspace and back)

  • Extremely efficient - fixed length fields in the protocol eliminates the need of parsers

  • Fixed efficient modern encryption. Eliminates inconsistencies in encryption and simplifies configuration.

  • No multilayer protocol handshakes.

  • No connection state. You send your packet to the interface, it will be either delivered or not - everything is handled automatically.

  • Built-in DDOS, anti-scan and attack protection - if encryption key is incorrect the server will simply not reply reducing potential threats to pretty much nothing.

  • Tiny(hundreds of bytes) size allows using it on cheap routers with just a few megabytes of ROM, on IOT, microcontrollers...

  • Very light on CPU means low battery usage. If you used OpenVPN on your phone you know how power hungry this piece of history is. Wireguard consumes nothing.

  • Scalable. You can have thousands of tunnels on one server. You can route all your traffic to a tunnel with almost no overhead. You can even implement your whole network layer on Wireguard tunnels.

  • Very easy to configure. Configuration is literally 2 lines - remote IP and key. You deal with the rest of the configuration just like if it was a local interface. And it works exactly this way.

  • Secure. Like REALLY secure. Developed by a security professional. 4k lines of code can be easily read and analyzed. And impressively it's one of the very few protocols that passed formal verification. Probably the only VPN protocol. You can read the whitepaper here

  • And it's FOSS! (no licensing controversy like with OpenVPN)

I'll stop here though, since the mods have made it clear they have zero interest in touching it anytime soon. But calling any other VPN negligent for doing so is a bit much, to say the least.

 

> Under 4k lines of code

 

Please read this

 

Whilst Wireguard itself may be around 4000 LoC, it still adds a bunch of crypto which will need a thorougher indepth review. You seem to be another simpleton whose jumped on the "omg Torvalds finds it fantastic we must deploy it today" bandwagon. He may *like* the code, but there's much more to it than that.

 

I'd also advise you to read this

 

which says that some logging is required for its operation.

 

It's not wise to jump on something that is unproven, and Air is making the correct decision. Let's wait for other VPNs to see how they get on, and let them be the fall guys first.

Share this post


Link to post

Please read this

 

Whilst Wireguard itself may be around 4000 LoC, it still adds a bunch of crypto which will need a thorougher indepth review. You seem to be another simpleton whose jumped on the "omg Torvalds finds it fantastic we must deploy it today" bandwagon. He may *like* the code, but there's much more to it than that.

 

In comparison, OpenVPN has 100k lines + 500k lines of OpenSSL, or StrongSwan, which is 400k lines + XFRM (IPSec) at 13k lines. Even with the crypto code attached it's still tiny. OpenVPN is overwhelmingly complex, with large attack surfaces, using mostly cryptographic designs from the 90's. I do hope the 'simpleton' comment made you feel better, though. I'm sure you need it.

Share this post


Link to post

We know that current Wireguard release is experimental and the protocol is subject to change, as reported by Wireguard programmers in the home page

 

They say it's not to be considered secure yet because it's still not in the MLK. If you followed the WireGuard mailing list you'd know Jason states the 'not to be considered production ready' is an ass covering statement and actually WireGuard is fine.

 

At the moment it is totally unusable in our infrastructure because it lacks TCP support

 

TunSafe adds support for WireGuard over TCP. https://github.com/TunSafe/TunSafe/blob/master/docs/WireGuard%20TCP.txt

 

Honestly I think this is the crux of the issue. Your infrastructure isn't compatible in its current state, so it's a good business decision not to include it. There's absolutely nothing wrong with that; I still love Air. You're exceptional at what you do. But all the other FUD is unnecessary.

Share this post


Link to post

In comparison, OpenVPN has 100k lines + 500k lines of OpenSSL, or StrongSwan, which is 400k lines + XFRM (IPSec) at 13k lines. Even with the crypto code attached it's still tiny. OpenVPN is overwhelmingly complex, with large attack surfaces, using mostly cryptographic designs from the 90's. I do hope the 'simpleton' comment made you feel better, though. I'm sure you need it. :)

 

Hello,

 

you don't need to link OpenVPN against OpenSSL. For example in Android we link it against mbedTLS.

 

Kind regards

Share this post


Link to post

https://github.com/TunSafe/TunSafe/blob/master/docs/WireGuard TCP.txt

 

Honestly I think this is the crux of the issue. Your infrastructure isn't compatible in its current state, so it's a good business decision not to include it. There's absolutely nothing wrong with that; I still love Air. You're exceptional at what you do. But all the other FUD is unnecessary.

 

 

Hello!

 

it looks like you still miss the point. Wireguard, in its current state, not only is dangerous because it lacks basic features and is an experimental software, but it also weakens dangerously the anonymity layer. Our service aims to provide some anonymity layer, therefore we can't take into consideration something that weakens it so deeply.

 

We will gladly take Wireguard into consideration when it reaches a stable release AND offers at least the most basic options which OpenVPN has been able to offer since 15 years ago. The infrastructure can be adapted, our mission can't.

 

We provided a list of missing features causing real, objective security flaws in Wireguard (when meant to provide specific features). We will expand them here below since it looks like you missed the huge implications of the mentioned issues.

 

If you followed the WireGuard mailing list you'd know Jason states the 'not to be considered production ready' is an ass covering statement and actually WireGuard is fine.

 

It's not a matter to "cover their asses" as you say.

 

First, it's a matter of security. If you followed some basic IT security principle, you would know how wrong and dangerous a claim like the one quoted here above is. If you are really in the position to certify that "Wireguard is fine", then do it officially. If you can't do it officially, your words must be considered irrelevant, because they go against the claims of the very Wireguard developers themselves.

 

Second, it is a matter of lacking features that are essential for any service which aims to provide a decent layer of anonymity.

 

Wireguard, in its current state, does not meet our requirements. Here below, once again, some points which need to be considered and addressed:

 

  • Wireguard lacks dynamic IP address management. The client needs to be assigned in advance a pre-defined VPN IP address uniquely linked to its key on each VPN server. The impact on the anonymity layer is catastrophic;
  • Wireguard client does not verify the server identity (a feature so essential that it will be surely implemented when Wireguard will be no more an experimental sofware); the impact on security caused by this flaw is very high;
  • TCP support is missing (third party or anyway additional code is required to use TCP as the tunneling protocol, as you suggest, and that's a problematic regression when compared to OpenVPN);
  • there is no support to connect Wireguard to a VPN server over some proxy with a variety of authentication methods.

 

Kind regards

Share this post


Link to post

With due respect to all tech savvy folks in our forum, I have few comments. I subscribe to IVPN in addition to Air. Recently, IVPN started providing wireguard servers (10 servers) in multiple platforms (Windows not yet available). To my knowledge, they are providing this option after Mullvad and Azirevpn. I have also seen that vpn.ac and Torguard are planning to bring some wireguard servers, but the timeline is not known. IVPN clearly indicated "WireGuard is a new VPN protocol that promises better security and faster speeds compared to existing solutions like OpenVPN or IPSec.Please be aware that this protocol is still in development and we only recommend using it for testing purposes and in situations where security is not critical."

Share this post


Link to post
Guest
This topic is now closed to further replies.

×
×
  • Create New...