Presented by Jason A Donenfeld FOSDEM 2017

Recommendations

Info

Performance ▪ Being in kernel space means that it is fast and low latency. ▪ No need to copy packets twice between user space and kernel space. ▪ ChaCha20Poly1305 is extremely fast on nearly all hardware, and safe. ▪ AES-NI is fast too, obviously, but as Intel and ARM vector instructions become wider and wider, ChaCha is handedly able to compete with AES- NI, and even perform better in some cases. ▪ AES is exceedingly difficult to implement performantly and safely (no cache-timing attacks) without specialized hardware. ▪ ChaCha20 can be implemented efficiently on nearly all general purpose processors. ▪ Simple design of WireGuard means less overhead, and thus better performance. ▪ Less code Faster program? Not always, but in this case, certainly.
Performance: Measurements Bandwidth Ping Time OpenVPN (AES) 257 OpenVPN (AES) 1.541 IPSec (ChaPoly) 825 IPSec (ChaPoly) 0.508 IPSec (AES) 881 IPSec (AES) 0.501 WireGuard 1011 WireGuard 0.403 0 128 256 384 512 640 768 896 1024 Megabits per Second 0 0.25 0.5 0.75 1 1.25 1.5 Milliseconds
Page 1 and 2: Presented by Jason A. Donenfeld FOS
Page 3 and 4: What is WireGuard? ▪ Layer 3 secu
Page 5 and 6: Easily Auditable IPsec (XFRM+Strong
Page 7 and 8: Blasphemy! ▪ WireGuard is blasphe
Page 9 and 10: Cryptokey Routing PUBLIC KEY :: IP
Page 11 and 12: Cryptokey Routing User space send()
Page 13 and 14: Cryptokey Routing ▪ Makes system
Page 15 and 16: Demo
Page 17 and 18: Simple Composable Tools: wg-quick
Page 19 and 20: Namespaces: Containers # ip addr 1:
Page 21 and 22: Static Allocations, Guarded State,
Page 23 and 24: Solid Crypto ▪ ▪ ▪ ▪ ▪
Page 25 and 26: The Key Exchange ▪ In order for t
Page 27 and 28: The Key Exchange ▪ Very limited s
Page 29 and 30: Timers User space sends packet. •
Page 31 and 32: Denial of Service Resistance ▪ Ha
Page 33 and 34: Cookies: DTLS-like and IKEv2-like
Page 35 and 36: Cookies: The WireGuard Variant ▪
Page 37: Cookies: The WireGuard Variant ▪
Page 41: More Information WireGuard ▪ Main

Presented by Jason A Donenfeld FOSDEM 2017

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?