Presented by Jason A Donenfeld FOSDEM 2017

Recommendations

Info

The Key Exchange: NoiseIK ▪ One peer is the initiator; the other is the responder. ▪ Each peer has their static identity – their long term static keypair. ▪ For each new handshake, each peer generates an ephemeral keypair. ▪ The security properties we want are achieved <strong>by</strong> computing ECDH() on the combinations of two ephemeral keypairs and two static keypairs. ▪ Session keys = Noise( ) ECDH(ephemeral, static), ECDH(static, ephemeral), ECDH(ephemeral, ephemeral), ECDH(static, static) ▪ The first three ECDH() make up the “triple DH”, and the last one allows for authentication in the first message, for 1-RTT.
The Key Exchange ▪ Very limited set of primitives: ▪ Elliptical curve Diffie-Hellman, hashing, authenticatedencryption. ▪ Just 1-RTT. ▪ Extremely simple to implement in practice, and doesn’t lead to the type of complicated messes we see in OpenSSL and StrongSwan. ▪ No certificates, X.509, or ASN.1: both sides exchange very short (32 <strong>by</strong>tes) base64-encoded public keys, just as with SSH.
Page 1 and 2: Presented by Jason A. Donenfeld FOS
Page 3 and 4: What is WireGuard? ▪ Layer 3 secu
Page 5 and 6: Easily Auditable IPsec (XFRM+Strong
Page 7 and 8: Blasphemy! ▪ WireGuard is blasphe
Page 9 and 10: Cryptokey Routing PUBLIC KEY :: IP
Page 11 and 12: Cryptokey Routing User space send()
Page 13 and 14: Cryptokey Routing ▪ Makes system
Page 15 and 16: Demo
Page 17 and 18: Simple Composable Tools: wg-quick
Page 19 and 20: Namespaces: Containers # ip addr 1:
Page 21 and 22: Static Allocations, Guarded State,
Page 23 and 24: Solid Crypto ▪ ▪ ▪ ▪ ▪
Page 25: The Key Exchange ▪ In order for t
Page 29 and 30: Timers User space sends packet. •
Page 31 and 32: Denial of Service Resistance ▪ Ha
Page 33 and 34: Cookies: DTLS-like and IKEv2-like
Page 35 and 36: Cookies: The WireGuard Variant ▪
Page 37 and 38: Cookies: The WireGuard Variant ▪
Page 39 and 40: Performance: Measurements Bandwidth
Page 41: More Information WireGuard ▪ Main

Presented by Jason A Donenfeld FOSDEM 2017

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?