
Security Analysis of WireGuard [pdf] - omeid2
https://courses.csail.mit.edu/6.857/2018/project/He-Xu-Xu-WireGuard.pdf
======
blinkingled
For anyone who thought this doesn't feel comprehensive, the Prior Work
section covers why:

"The WireGuard handshake protocol has undergone rigorous formal verification
of desired properties using the Tamarin proof system [2]. Many of the
cryptographic primitive implementations have also been formally verified as
correct. The remaining implementations have been carefully fuzzed against the
verified implementations to ensure correctness."

So all put together the simplicity goal really paid off for WireGuard.

~~~
browsercoin
Less code = Less surface area for attack?

~~~
pizzazzaro
Please remove your question mark?

~~~
solarkraft
Please just say 'correct'.

------
tptacek
Also, Kenny Paterson's analysis:

[https://eprint.iacr.org/2018/080](https://eprint.iacr.org/2018/080)

And, of course, the original peer-reviewed NDSS paper:

[https://www.ndss-symposium.org/ndss2017/ndss-2017-programme/...](https://www.ndss-symposium.org/ndss2017/ndss-2017-programme/wireguard-next-generation-kernel-network-tunnel/)

Spoiler: it's pretty solid.

------
eximius
Boring in the sense that nothing exciting was found, but encouraging that 1)
nothing was found! 2) null-result publication is useful in and of itself,
sometimes.

~~~
CiPHPerCoder
There was a finding! A very very minor bug in the keepalive timer's rounding.

I mean, it's something.

~~~
_eht
Was that the reference to the 80% packet loss between two networks?

~~~
dfc
The packet loss and artificial latency were what the authors refer to as
fuzzing.

------
badrabbit
How much of a challenge is it to implement a purely userspace client? Last I
checked the WireGuard app depends on the Linux kernel's crypto primitive APIs
a lot.

For increased adoption, it needs to support Windows and iOS.

Not only that, high performance packet routing is sometimes done mostly in
user-space (haven't looked much into XDP yet).

~~~
CiPHPerCoder
They're in the works.

[https://git.zx2c4.com/](https://git.zx2c4.com/)

------
curiousgal
I gave up on getting Wireguard to work on an Arch server and an Android
client. Algo only supports Ubuntu and *BSD.

~~~
chancecarey
I use it on Arch with no issues at all.

~~~
computerfriend
Same. I've also set up WireGuard on Ubuntu servers and the experience was
pretty much identical. Arch doesn't make this any harder.

