
Wireguard + post-quantum cryptography

privacy

16 replies to this topic

#1 Casper31

Casper31

    Advanced Member

  • Members
  • 127 posts

Posted 09 December 2017 - 08:32 PM

Mullvad enhances wireguard protocol with "post quantum cryptography".

Mullvad thinks that this quantum crypto can be a solution to the coming quantum computer.

https://www.mullvad.net/blog/2017/12/8/introducing-post-quantum-vpn-mullvads-strategy-future-problem/

 

Not bad at all Mullvad.

 

Gr, Casper

 


xmpp.airvpn.org ; D70D4969 808093D5 ED232F8A 1764CFBC C020509B


#2 OmniNegro

OmniNegro

    Advanced Member

  • Members
  • 278 posts
  • Location: The Fiery Pits of Texas, USA.

Posted 10 December 2017 - 06:00 AM

Sadly, I think this is like promising a car that will use no fuel if you use the software for the one that uses fuel available from only one single closed source vendor today.

 

All you get is a really expensive fuel.


Debugging is at least twice as hard as writing the program in the first place.

So if you write your code as clever as you can possibly make it, then by definition you are not smart enough to debug it.


#3 zhang888

zhang888

    Donald Trump of IT/Security

  • Moderators
  • 2214 posts

Posted 10 December 2017 - 08:16 AM

Post - in Latin is a prefix, meaning “behind,” “after,” “later,” from the word postscript.

We haven't seen a practical quantum computer yet, so anything "post-quantum" is just a theory at this moment.

The most powerful "grid" today is the Bitcoin network, which is more powerful than all top 500 supercomputers in the world (combined together), but still not big enough for breaking AES-256, and probably it will be that way for the next forecastable period of our lifetime.

Wireguard is a very niche protocol that is only supported on Linux at the moment, although there are some efforts to port it to other platforms as well, according to: https://www.wireguard.com/xplatform/

So far very few users can actually benefit from it, in its current state.


Occasional moderator, sometimes BOFH. Opinions are my own, except when my wife disagrees.


#4 jean claud

jean claud

    Advanced Member

  • Members
  • 155 posts

Posted 10 December 2017 - 07:46 PM

I also think that post-quantum crypto is a gadget, but having used wireguard for around three months, I can say that it works like a charm (not even one issue during this time) and the speed is really, really fast!

#5 jal

jal

    Newbie

  • New Members
  • 1 posts

Posted 10 December 2017 - 08:26 PM

I am already using it with Mullvad and it works very well and fast, even with qbittorrent. I think it's a good thing after Google tested that algorithm, called New Hope, as "promising" and with great results.



#6 OmniNegro

OmniNegro

    Advanced Member

  • Members
  • 278 posts
  • Location: The Fiery Pits of Texas, USA.

Posted 10 December 2017 - 11:30 PM

Five years ago, this article was posted. I enjoy reminding people that even if every computer in the world were the example supercomputer, and were slaved together to work on just one single AES-128 bit key, they could not possibly manage to break it while anyone currently alive is still alive.

https://www.eetimes.com/document.asp?doc_id=1279619

 

Currently the best supposed "Quantum" computers are basically as potent as a modern cellular phone. In other words, they suck ass. They could not manage to crack DES, and DES is a 56 bit joke of an algorithm that is not used anymore because it is plainly inferior to everything else we have. (Literally everything beats DES.)

 

If we ever have real quantum computers, we will have so many changes overnight that we will not be able to keep up. Cancer will be universally curable. Disease will basically become an outdated term that no longer applies to us at all, and so many of us will wind up in prison for something we may have done a decade or two ago that our justice departments will have to decide what sort of crimes they will bother to enforce. Oh and World War Three will be a likely contender for that time too...

 

In short, Quantum computers can and would make even impossible tasks simple. But they are not something Humans are ready for. I truly hope we never get them. We need time to grow as a species and learn from our mistakes first.

 

/rant over Good day everyone.




#7 dr.s

dr.s

    Newbie

  • New Members
  • 2 posts

Posted 30 December 2017 - 10:42 PM

> I am already using it with Mullvad and it works very well and fast, even with qbittorrent. I think it's a good thing after Google tested that algorithm, called New Hope, as "promising" and with great results.

It also works on Macs.

#8 matmat

matmat

    Newbie

  • New Members
  • 2 posts

Posted 31 March 2018 - 07:43 PM

Not sure if anyone here belongs to airvpn staff, so I'm just gonna ask...

Even though it is still experimental, based on the videos I watched, it won't take long until this goes into the mainline kernel. Linux overlord himself has expressed interest to get this in rather sooner than later.

Can we have some plans/feedback generally about wireguard from airvpn staff?

People have commented that they tried mullvad, so I'm also trying it now and it works much faster than openvpn with normal browsing (at least it feels like that, didn't do any actual measurements).

Would be nice if we can use it with airvpn even if we take into account that it is experimental tech.



#9 WaNNaBEAnoNymoUs

WaNNaBEAnoNymoUs

    Advanced Member

  • Members
  • 39 posts

Posted 01 April 2018 - 04:38 AM

Yes, I have tested it and am still testing. Looks good and promising! And only a "few" lines of code to make it, way to go Jason :)


"You don't have to be a genius to sound like one." - BDS


#10 lightguard

lightguard

    Newbie

  • New Members
  • 1 posts

Posted 17 August 2018 - 01:07 AM

So much noise about this "wireguard + post-quantum cryptography" that I just had to take a look.

So fundamentally it's about simplifying the set up of a secure channel. Wireguard has nothing whatsoever to do with the underlying encryption. Its main strength (if it works as advertised) is the ability to set up lots of new channels quickly. So this would be useful if you were making ***LOTS*** of purchases from different web sites very quickly. You would then need a secure channel to each page to pay for your goods. But this is absolutely not the case when you are using a VPN to access restricted sites such as tpb. In that case you only need to set up one secure channel and all your data flows back and forth along that one channel. Yes, the underlying software might need to exchange new keys every hour or so, but this is no big deal for even a modest modern PC.

 

Now the one thing that wireguard promises is to simplify the process by eliminating some of the protocol layers and moving code from user space to kernel space. This is really fraught with hidden dangers and not something to be undertaken without an immense amount of beta testing - and I don't mean by Joe Public but by people that really understand security and encryption.

 

So, given that the underlying encryption schemes can be the same for wireguard and openvpn, the crunch really comes down to: do you trust old software that has been around for a long time, is well understood and has had a lot of the bugs fixed ***OR*** do you trust a piece of software that is new, makes drastic changes (to the kernel and protocol) and is relatively untested.

 

And just one last thought: it is easy to make an encrypted VPN look fast, you just use a simplified encryption algorithm ***BUT*** the crunch is would you be able to tell the difference?



#11 Hanzo22

Hanzo22

    Newbie

  • New Members
  • 2 posts

Posted 16 October 2018 - 01:22 AM

"Not usable without logs"

https://www.perfect-privacy.com/blog/2018/10/10/wireguard-vpn-pros-and-cons/



#12 bkyq

bkyq

    Newbie

  • New Members
  • 2 posts

Posted 26 October 2018 - 02:44 PM

Would really like Air to reevaluate their decision not to implement WireGuard. It's clearly no longer a "niche" thing and the sole reason I've been looking at other providers recently.



#13 Staff

Staff

    Advanced Member

  • Staff
  • 7617 posts

Posted 26 October 2018 - 04:40 PM

> Would really like Air to reevaluate their decision not to implement WireGuard. It's clearly no longer a "niche" thing and the sole reason I've been looking at other providers recently.

We already mentioned that we are very much interested in the project. Of course selling some service now based on Wireguard would be culpable negligence: it is in the testing phase and is incomplete. From the home page of the project web site:

> WireGuard is not yet complete. You should not rely on this code. It has not undergone proper degrees of security auditing and the protocol is still subject to change. We're working toward a stable 1.0 release, but that time has not yet come. There are experimental snapshots tagged with "0.0.YYYYMMDD", but these should not be considered real releases and they may contain security vulnerabilities (which would not be eligible for CVEs, since this is pre-release snapshot software)

When the developers decide on the final protocol and Wireguard is released as a stable version, things will change and a peer review etc. will become possible.

 

Kind regards



#14 bkyq

bkyq

    Newbie

  • New Members
  • 2 posts

Posted 26 October 2018 - 08:06 PM

>> Would really like Air to reevaluate their decision not to implement WireGuard. It's clearly no longer a "niche" thing and the sole reason I've been looking at other providers recently.
>
> We already mentioned that we are very much interested in the project. Of course selling some service now based on Wireguard would be culpable negligence, it is in testing phase and is incomplete. From the home page of the web site project:
>
>> WireGuard is not yet complete. You should not rely on this code. It has not undergone proper degrees of security auditing and the protocol is still subject to change. We're working toward a stable 1.0 release, but that time has not yet come. There are experimental snapshots tagged with "0.0.YYYYMMDD", but these should not be considered real releases and they may contain security vulnerabilities (which would not be eligible for CVEs, since this is pre-release snapshot software)
>
> When the developers will decide the final protocol and Wireguard is released as a stable version things will change and a peer review etc. will become possible.
>
> Kind regards

 

 

I understand your position and it is indeed a valid one. I guess I'm just coming from a different perspective since I've looked at the code myself and have been using it flawlessly for awhile now. I get the impression that warning you quoted is more of a requisite disclaimer than anything meaningful.

 

What's the harm in offering beta services to customers who are interested and well aware of any associated instability? You have a prominent beta disclaimer for your IPv6 support, so I think this could be similar (even if it's not a direct parallel comparison).



#15 Staff

Staff

    Advanced Member

  • Staff
  • 7617 posts

Posted 27 October 2018 - 11:06 AM

Hello!

 

We prefer a safer approach. Testing the implementation of a stable protocol has nothing to do with testing an experimental protocol. IPv6 has definitely not been an experimental protocol for many years: the test is on our servers' settings, not on the protocol, which is stable.

Testing a protocol which is itself experimental is a completely different thing.

> I guess I'm just coming from a different perspective since I've looked at the code myself and have been using it flawlessly for awhile now.

 

This is anecdotal and unfortunately has no value at all.

 

Side note: IPv6 configuration completed the beta phase successfully, the disclaimer must be deleted.

 

Kind regards



#16 routeninja

routeninja

    Advanced Member

  • Members
  • 63 posts

Posted 05 November 2018 - 09:17 PM

> Hello!
>
> We prefer a safer approach. Testing the implementation of a stable protocol has nothing to do with testing an experimental protocol. IPv6 is definitely not an experimental protocol since so many years: the test is on our servers settings, not on the protocol, which is stable.
>
> Completely different thing is testing a protocol which is itself experimental.
>
>> I guess I'm just coming from a different perspective since I've looked at the code myself and have been using it flawlessly for awhile now.
>
> This is anecdotal and unfortunately has no value at all.
>
> Side note: IPv6 configuration completed the beta phase successfully, the disclaimer must be deleted.
>
> Kind regards

 

As much as I would like to test Wireguard, and I would! I really appreciate this stance.

 

Everyone always wants the latest and most shiny thing, however, sometimes we forsake what we have in lieu of that. OpenVPN is a bloated protocol, yes. However, most people here claim that they are getting almost full bandwidth saturation while using it. It is also very flexible and thoroughly tested and has been around quite awhile. What is Wireguard going to get you that you don't have currently?

 

Thank you for taking the safer approach, Air. I much prefer my privacy and security to the latest and (maybe) greatest thing.



#17 5YmkoLQZ

5YmkoLQZ

    Advanced Member

  • Members
  • 202 posts

Posted 07 November 2018 - 12:26 PM

>> Hello!
>>
>> We prefer a safer approach. Testing the implementation of a stable protocol has nothing to do with testing an experimental protocol. IPv6 is definitely not an experimental protocol since so many years: the test is on our servers settings, not on the protocol, which is stable.
>>
>> Completely different thing is testing a protocol which is itself experimental.
>>
>>> I guess I'm just coming from a different perspective since I've looked at the code myself and have been using it flawlessly for awhile now.
>>
>> This is anecdotal and unfortunately has no value at all.
>>
>> Side note: IPv6 configuration completed the beta phase successfully, the disclaimer must be deleted.
>>
>> Kind regards
>
> As much as I would like to test Wireguard, and I would! I really appreciate this stance.
>
> Everyone always wants the latest and most shiny thing, however, sometimes we forsake what we have in lieu of that. OpenVPN is a bloated protocol, yes. However, most people here claim that they are getting almost full bandwidth saturation while using it. It is also very flexible and thoroughly tested and has been around quite awhile. What is Wireguard going to get you that you don't have currently?
>
> Thank you for taking the safer approach, Air. I much prefer my privacy and security to the latest and (maybe) greatest thing.

 

I'd go so far as to argue it'd be negligent for Air to publicly test this for at least another 3 years, if not 5 or 10. AirVPN launched at least in 2012, so OpenVPN was at least 11 years old at that time. There is also the claim that using Wireguard involves logging, as Hanzo22 said, so for now it's best to wait for it to fully mature.

For this reason Mullvad should be considered negligent by using such a protocol and avoided at all costs; you simply do not jump on the hip new thing without waiting for a proper security audit.






