Development discussion of WireGuard
From: Bin Jin <bjin@ctrl-d.org>
To: "Jason A. Donenfeld" <Jason@zx2c4.com>
Cc: WireGuard mailing list <wireguard@lists.zx2c4.com>
Subject: [WireGuard] Suggestion: Hide private key by default with wg tool
Date: Tue, 26 Jul 2016 22:51:56 +0200
Message-ID: <CAHQn_MD74m-mHQLCbK7UG72BnCdbVbdUpiD0jF4Jk1NFuJMLAw@mail.gmail.com>

Hello Jason,

I think there is a potential security issue regarding the use of the "wg"
tool. By default "wg" will print the private keys in plain text to the
console. This isn't going to be a big issue in general, but if I was
showing my friend how to use wireguard, or using my computer in public
places with surveillance cameras, without an option to hide private keys
I would very likely get my private keys compromised. IIUC, compromise
of a private key won't have a security impact assuming a passive attacker,
and an active attacker needs to have the private keys from both sides to
perform a MitM attack. But nonetheless, I think this could be fixed
very easily, to avoid an actual potential security compromise.

Considering that most people would probably type "wg" without any
further options that explicitly hide all private keys (either without
the knowledge of the option, or by accident), I would suggest hiding
the private key by default (showing some text like "(private key
hidden by default)" instead), and adding an option to allow the user to
explicitly show the private key, like "--show-private-keys".

Thanks!

Bin
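The behaviour proposed in the message above, as an added illustration that is not part of the original post and not code from the WireGuard project: a filter over wg-style status output that replaces secret key values with a placeholder unless the caller explicitly asks for them. It goes slightly beyond the post by also treating "preshared key" lines as secrets. The sample output, the key strings (obvious placeholders, not real keys) and the `--show-private-keys` flag name are all constructed for this example.

```python
import re
import sys

# Constructed sample in the shape of `wg show` output. Every key value
# below is a placeholder string, not a real key.
SAMPLE_WG_OUTPUT = """\
interface: wg0
  public key: PUBLICKEYPLACEHOLDER00000000000000000000000=
  private key: PRIVATEKEYPLACEHOLDER0000000000000000000000=
  listening port: 51820

peer: PEERPUBLICKEYPLACEHOLDER000000000000000000=
  preshared key: PRESHAREDKEYPLACEHOLDER0000000000000000000=
  endpoint: 192.0.2.10:51820
  allowed ips: 10.0.0.2/32
"""

# Field names whose values must never reach the terminal by default.
SECRET_FIELDS = ("private key", "preshared key")
HIDDEN_MARKER = "(hidden by default)"

# Matches "<indent><field>: <value>" for the secret fields only; the
# public key and every other line are left untouched.
_SECRET_LINE = re.compile(
    r"^(?P<indent>\s*)(?P<field>"
    + "|".join(re.escape(f) for f in SECRET_FIELDS)
    + r"):\s*(?P<value>\S+)\s*$"
)


def redact_secrets(text, show_private_keys=False):
    """Return `text` with secret key values replaced by HIDDEN_MARKER.

    With show_private_keys=True (the opt-in the post suggests) the text
    is returned unchanged, so the secure behaviour is the default and
    revealing keys requires a deliberate choice.
    """
    if show_private_keys:
        return text
    out = []
    for line in text.splitlines():
        m = _SECRET_LINE.match(line)
        if m:
            line = f"{m.group('indent')}{m.group('field')}: {HIDDEN_MARKER}"
        out.append(line)
    # Preserve the trailing newline of the original output, if any.
    return "\n".join(out) + ("\n" if text.endswith("\n") else "")


def leaked_secret_values(original, redacted):
    """Defensive check: list any secret value from `original` that still
    appears verbatim in `redacted`. Empty list means nothing leaked."""
    leaked = []
    for line in original.splitlines():
        m = _SECRET_LINE.match(line)
        if m and m.group("value") in redacted:
            leaked.append(m.group("value"))
    return leaked


if __name__ == "__main__":
    # Hypothetical CLI flag, named after the suggestion in the post.
    show = "--show-private-keys" in sys.argv[1:]
    sys.stdout.write(redact_secrets(SAMPLE_WG_OUTPUT, show_private_keys=show))
```

Run without arguments the script prints the sample with both secret lines replaced by the marker; run with `--show-private-keys` it prints the sample verbatim. `leaked_secret_values` is the kind of check a test suite for the real tool would want: it asserts on the absence of the secret strings rather than on the presence of the marker, so a new secret field that the filter does not know about would be caught.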

Thread overview:
2016-07-26 20:51 Bin Jin [this message]
2016-07-28 12:01 ` Jason A. Donenfeld
2016-07-28 13:09   ` Bin Jin
2016-07-28 15:19     ` Jason A. Donenfeld
