Development discussion of WireGuard
 help / color / mirror / Atom feed
* Preshared Key Rework Coming Soon
@ 2017-05-11 20:32 Jason A. Donenfeld
  2017-05-11 21:25 ` Fredrik Strömberg
  2017-05-11 22:42 ` Bzzzz
  0 siblings, 2 replies; 3+ messages in thread
From: Jason A. Donenfeld @ 2017-05-11 20:32 UTC (permalink / raw)
  To: WireGuard mailing list; +Cc: Kevin Milner

Hey lazylist,

Since the last discussion of preshared key mode in WireGuard, we've
made some substantial progress. Trevor and I have been working out the
cryptodetails [1], and Kevin and I have been tweaking our formal
verification model. Everything is coming together quite nicely on that
front.

For those who are just catching up on this discussion, the gist is
that the PresharedKey attribute is moving from being part of the
Interface to part of the Peer. This will enable PSKs to be a pair-wise
value, rather than having an Interface use one PSK for all its peers,
a significant security improvement.

I've written up the changes in the whitepaper [2] and the protocol doc
[3]. I've implemented it in the latest git master, though probably you
should wait for the next snapshot to try it out. I'm now in the
progress of writing [4] patches [5] for various [6] WireGuard
integrations, so that when I release the next snapshot, things can
transition over smoothly, in addition to various Noise libraries [7].

If all goes well, the Noise changes will be out on Tuesday, and the
snapshot should happen minutes after that.

Let me know if there are any questions.

Regards,
Jason

[1] https://moderncrypto.org/mail-archive/noise/2017/001006.html
[2] https://www.wireguard.io/papers/wireguard.pdf
[3] https://www.wireguard.io/protocol/
[4] https://github.com/openwrt/packages/pull/4341/files#diff-4fe54b567672346a15da55f1c6af8c9a
[5] https://github.com/openwrt/luci/pull/1160/files
[6] https://github.com/NixOS/nixpkgs/pull/25646/files#diff-110379e7db2311e8bef5a02392ac1495
[7] https://github.com/flynn/noise/pull/11/files

^ permalink raw reply	[flat|nested] 3+ messages in thread
* Re: Preshared Key Rework Coming Soon
  2017-05-11 20:32 Preshared Key Rework Coming Soon Jason A. Donenfeld
@ 2017-05-11 21:25 ` Fredrik Strömberg
  2017-05-11 22:42 ` Bzzzz
  1 sibling, 0 replies; 3+ messages in thread
From: Fredrik Strömberg @ 2017-05-11 21:25 UTC (permalink / raw)
  To: Jason A. Donenfeld; +Cc: Kevin Milner, WireGuard mailing list

Great to hear. Thank you all for your hard work.

Cheers,
Fredrik

On Thu, May 11, 2017 at 10:32 PM, Jason A. Donenfeld <Jason@zx2c4.com> wrote:
> Hey lazylist,
>
> Since the last discussion of preshared key mode in WireGuard, we've
> made some substantial progress. Trevor and I have been working out the
> cryptodetails [1], and Kevin and I have been tweaking our formal
> verification model. Everything is coming together quite nicely on that
> front.
>
> For those who are just catching up on this discussion, the gist is
> that the PresharedKey attribute is moving from being part of the
> Interface to part of the Peer. This will enable PSKs to be a pair-wise
> value, rather than having an Interface use one PSK for all its peers,
> a significant security improvement.
>
> I've written up the changes in the whitepaper [2] and the protocol doc
> [3]. I've implemented it in the latest git master, though probably you
> should wait for the next snapshot to try it out. I'm now in the
> progress of writing [4] patches [5] for various [6] WireGuard
> integrations, so that when I release the next snapshot, things can
> transition over smoothly, in addition to various Noise libraries [7].
>
> If all goes well, the Noise changes will be out on Tuesday, and the
> snapshot should happen minutes after that.
>
> Let me know if there are any questions.
>
> Regards,
> Jason
>
> [1] https://moderncrypto.org/mail-archive/noise/2017/001006.html
> [2] https://www.wireguard.io/papers/wireguard.pdf
> [3] https://www.wireguard.io/protocol/
> [4] https://github.com/openwrt/packages/pull/4341/files#diff-4fe54b567672346a15da55f1c6af8c9a
> [5] https://github.com/openwrt/luci/pull/1160/files
> [6] https://github.com/NixOS/nixpkgs/pull/25646/files#diff-110379e7db2311e8bef5a02392ac1495
> [7] https://github.com/flynn/noise/pull/11/files
> _______________________________________________
> WireGuard mailing list
> WireGuard@lists.zx2c4.com
> https://lists.zx2c4.com/mailman/listinfo/wireguard

^ permalink raw reply	[flat|nested] 3+ messages in thread
* Re: Preshared Key Rework Coming Soon
  2017-05-11 20:32 Preshared Key Rework Coming Soon Jason A. Donenfeld
  2017-05-11 21:25 ` Fredrik Strömberg
@ 2017-05-11 22:42 ` Bzzzz
  1 sibling, 0 replies; 3+ messages in thread
From: Bzzzz @ 2017-05-11 22:42 UTC (permalink / raw)
  To: wireguard

On Thu, 11 May 2017 22:32:23 +0200
"Jason A. Donenfeld" <Jason@zx2c4.com> wrote:

> Hey lazylist,
>=20
> Since the last discussion of preshared key mode in WireGuard, we've
> made some substantial progress. Trevor and I have been working out the
> cryptodetails [1], and Kevin and I have been tweaking our formal
> verification model. Everything is coming together quite nicely on that
> front.

It is time, I was about to wait!

May be that's because you do not work enough (nor does Trevor)=E2=80=A6

JY









*<;-{D

^ permalink raw reply	[flat|nested] 3+ messages in thread
end of thread, other threads:[~2017-05-11 22:31 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2017-05-11 20:32 Preshared Key Rework Coming Soon Jason A. Donenfeld
2017-05-11 21:25 ` Fredrik Strömberg
2017-05-11 22:42 ` Bzzzz

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).