
WireGuard is likely going to be merged into the Linux kernel[1]. And it's already supported by the latest systemd 237[2].

If you're comfortable with beta/dev software versions, or using Arch Linux/Debian Sid/another distro with the latest software—there's no reason not to rely on WireGuard today. Otherwise, wait until it arrives at your system, being built into the mainline kernel. Also, I would like it to get audited by an independent third party.

[1] https://www.phoronix.com/scan.php?page=news_item&px=WireGuar...

[2] https://www.phoronix.com/scan.php?page=news_item&px=systemd-...




It's reasonable to want to see an audit report but bear in mind:

1. There aren't many audit firms qualified to do that audit, and only a subset of the people at most of the qualified firms are themselves qualified.

2. As a result, none of WireGuard's competition has been meaningfully audited --- all of them have been audited, but the projects are pretty much seen as a well that we can keep going back to for more bugs.

The only exception to that rule is probably OpenSSH, which despite the very complex code base has received pretty significant coverage --- not so much from formal audits (it's had some, but they're the same kind as I just described above) but from a decade of close scrutiny.

Against the desire for an audit, I'd also bank:

- The author is a Linux kernel vuln researcher

- The codebase is deliberately tiny

- The protocol was streamlined specifically to make it possible to implement as simply as it was


> 1. There aren't many audit firms qualified to do that audit, and only a subset of the people at most of the qualified firms are themselves qualified.

I know of one (and we're hosting the dude who wrote the WireGuard Go implementation this summer (hey Mathias))



