A little missing context there.
Replying to @matthew_d_green @tqbf
I believe it's the fact that the authors warned the protocol is experimental and underscrutinized for security, yet Torvalds appears to want it integrated asap into Linux nevertheless because it, um, looks pretty?
Replying to @pbarreto @matthew_d_green
That was true 18 months ago and is less true now; WireGuard has received a fair bit of academic scrutiny. Also: in kernel code, what you’re summarizing as “pretty” has actual security value. The most likely flaws in VPN software aren’t cryptographic.
Replying to @tqbf @matthew_d_green
I'm interested in the analysis part. I'm only aware of one paper by @kennyog from Jan 2018 (who states they found no prior rigorous analysis in the literature, and in fact what they proved secure was a slightly modified protocol) and a student overview. Any other?
This warning in Wireguard's own website sounds ominous: https://www.wireguard.com/#about-the-project … I'd also be worried about adding code that comes with such a disclaimer to the Linux kernel. @zx2c4 It may need an update?
Replying to @xEFFFFFFF @pbarreto and
He’s been saying for the last 6 months that he just needs to update the web page.
Replying to @tqbf @xEFFFFFFF and
Then he also needs to update the github project page? The disclaimer mentions a stable version 1.0 but it's not available either. Also unclear if that slight modification needed for security was included in the current version.
We discussed with @zx2c4 but he had strongly held views about not changing his protocol.
Can you do an ACCE version? Why is there no generic way to prove a weak form of security for the key exchange, prove security for the symmetric data exchange, and then use some standard transform to get ACCE?
Replying to @matthew_d_green @pbarreto and
ACCE should be possible but a) it's messier, b) we didn't have the energy, c) protocol runs over UDP and tolerates packet loss, hence ACCE extension needed. Good student project tho'
Already done! https://benjaminlipp.de/master-thesis/
Replying to @EdgeSecurity @kennyog and
That is a very neat proof. I wish I knew how to use CryptoVerif. With that said, it still looks like a monolithic ACCE proof, rather than a modular proof of the key exchange and data exchange with some simple theorem to tie them together. Or am I misreading it?