I'd like to see some server side connection benchmarks vs aes. The typical enterprise setup is cisco or juniper with a vpn hardware accelerator. If this is much more efficient, it may be a point of cost reduction in corp environments. Those things ain't cheap.
Announcement
Collapse
No announcement yet.
Android 12 Appears To Support Using WireGuard
Collapse
X
-
Originally posted by piotrj3 View Post
Absolutly false, and I myself could make working attack on something of this sort in short amount of time. You can literally byte by byte (or character by character) decode entire sensitive information like that due to that most compressions are dictionary based.
that's even one of the arguments of the wireguard devs: do compression on the app level
good encryption doesnt care about data. and dictionary attacks? really? do you live around 1944 by any chance?
- Likes 2
Comment
-
Originally posted by flower View Post
bullshit. many https pages are gzipped and still secure.
that's even one of the arguments of the wireguard devs: do compression on the app level
good encryption doesnt care about data. and dictionary attacks? really? do you live around 1944 by any chance?
Comment
-
Originally posted by ThoreauHD View PostI'd like to see some server side connection benchmarks vs aes. The typical enterprise setup is cisco or juniper with a vpn hardware accelerator. If this is much more efficient, it may be a point of cost reduction in corp environments. Those things ain't cheap.
If you believe you can build a wireguard solution that checks all the boxes a lot cheaper than the existing solutions you should go do it, and corporations will certainly consider your alternative (and be sure to bid for booth space at the next RSA conference (whenever that is) to get visibility).
- Likes 2
Comment
-
Great news for official wireguard support! It is a shame that some providers are not releasing wireguard configs and want you to use proprietary implementations while still marketing their service with wireguard support...
Originally posted by flower View Post
bullshit. many https pages are gzipped and still secure.
that's even one of the arguments of the wireguard devs: do compression on the app level
good encryption doesnt care about data. and dictionary attacks? really? do you live around 1944 by any chance?
I don't agree with piotrj3 or Jakobson since they failed to communicate the requirements for the attacks and claimed that it's a gernal problem which it is not, so it might sound like BS based on their claims but there is some truth to it if the conditions are right.
BREACH, CRIME, and similar like Bicycle-Attacks all depend on packet- or string-length as well as common characters which is usually linked to the src or dst addresses or URI. If the attacker cannot guess it, meaning if the data is not isolated or there's not any other traffic then it's worthless. A VPN makes this extremely expensive to guess. You have no idea to which domain the abetrary length data belongs... if it was outside of a VPN you can at least get the IP of the remote and try to obtain URIs or something.
Here's some references for someone who wants to go through the effort to make their own informed conclusions:
The CRIME attack taught us that using compression can endanger confidentiality. In particular, it is dangerous to concatenate attacker-supplied data with sensitive secret data and then compress and
https://github.com/nealharris/BREACH (c# sigh)
We examine the issue of password length leakage via encrypted traffic i.e., bicycle attacks. We aim to quantify both the prevalence of password length leakage bugs as well as the potential harm to users. In an observational study, we find that {\em most} of the Alexa top 100 rates sites are vulnerable to bicycle attacks meaning that an eavesdropping attacker can infer the exact length of a password based on the length the encrypted packet containing the password. We discuss several ways in which an eavesdropping attacker could link this password length with a particular user account e.g., a targeted campaign against a smaller group of users or via DNS hijacking for larger scale campaigns. We next use a decision-theoretic model to quantify the extent to which password length leakage might help an attacker to crack user passwords. In our analysis, we consider three different levels of password attackers: hacker, criminal and nation-state. In all cases, we find that such an attacker who knows the length of each user password gains a significant advantage over one without knowing the password length. As part of this analysis, we also release a new differentially private password frequency dataset from the 2016 LinkedIn breach using a differentially private algorithm of Blocki et al. (NDSS 2016) to protect user accounts. The LinkedIn frequency corpus is based on over 170 million passwords making it the largest frequency corpus publicly available to password researchers. While the defense against bicycle attacks is straightforward (i.e., ensure that passwords are always padded before encryption), we discuss several practical challenges organizations may face when attempting to patch this vulnerability. We advocate for a new W3C standard on how password fields are handled which would effectively eliminate most instances of password length leakage.
My conclusion: It's good practice to pad data with variable length prior to encrypting/compressing (although this is usually up to the service provider not the end-user). There's much bigger things to worry about than these HTTPS vulnerabilites. I dread hardware vulnerabilities and corrupt/leaked CA certs. While there was a fair amount of those issues the ones that effected me the most over the past decade was much more simple... Much of my private data was leaked by my government over anonymous FTP (not too long ago). It is possible to open a credit bank account using only my leaked data. Nobody was held accountable for the leak. I'm not very patriotic at the moment.
- Likes 1
Comment
-
Originally posted by bug77 View PostStill won't mean squat until servers also support it. I don't see that happening in corporate environments anytime soon. (Yes, I know it's happening elsewhere.)
If you mean "windows" then tough luck, I'm still seeing way too much modern deployments that use the total shit pptp as "corporate VPN" (that not only is not secure but it's a pain to pass through firewalls if you have multiple connections).
Comment
-
Originally posted by ThoreauHD View PostI'd like to see some server side connection benchmarks vs aes. The typical enterprise setup is cisco or juniper with a vpn hardware accelerator. If this is much more efficient, it may be a point of cost reduction in corp environments. Those things ain't cheap.
Since I've also used it in OpenWrt in devices that have very weak CPUs, you can usually expect wireguard to have between two and three times the performance/bandwith on a crappy ARM or MIPS system (crappy in the sense that it's running the whole pocket router and wifi AP from a USB port worth of power) like the small GL.Inet minirouters. So like 100Mbit instead of 30Mbit.
The official PR material of GL.Inet for this particular device also claims large performance difference (scroll down until you see the blue and black bars) https://www.gl-inet.com/products/gl-e750/ of 10 Mbit with OpenVPN and 50 Mbit with WIreguard.
It really there isn't much of a contest.Last edited by starshipeleven; 17 October 2020, 05:59 AM.
- Likes 3
Comment
-
Originally posted by starshipeleven View Postwhat does this mean?
Wireguard default = UDP
if you are running an application with Wireguard that has specific timing requirements it may time out waiting for the tunnel to reestablish with its gateway. So you can tell an LTM to maintain a persistent state between the endpoints.
Also helpful if you are load balancing Wireguard clients to multiple Wireguard gateways. Instead of telling the Wireguard clients all of the IP addresses of its peers. You can provide a single VIP for them to talk to. Then the LTM can manage the persistence of the sessions being requested if necessary.
- Likes 1
Comment
-
Originally posted by edwaleni View Post
LTM = Load Traffic Manager ie: F5, Cisco, Juniper
Wireguard default = UDP
if you are running an application with Wireguard that has specific timing requirements it may time out waiting for the tunnel to reestablish with its gateway. So you can tell an LTM to maintain a persistent state between the endpoints.
Wireguard has a keep-alive functionality to keep the NAT tunnel open and re-connects if something changes in the connection (i.e. for example the client is transitioning from a wifi to a LTE connection). The lowest value you can set this is to send acks every second, with default value of 25.
Does it still need configuration in the LTM to maintain a persistent state or does this suffice?
Also helpful if you are load balancing Wireguard clients to multiple Wireguard gateways. Instead of telling the Wireguard clients all of the IP addresses of its peers. You can provide a single VIP for them to talk to. Then the LTM can manage the persistence of the sessions being requested if necessary.
Everyone will be able to see everyone else even if the clients don't know all IPs or keys, but of course everything will be routed through the "VIP" server because that's the only one that knows all clients. (in that article the guy goes on and adds the ability to bypass the VIP when sending stuff between peers, but of course you still need the VIP for the first connection)
This is more or less the "default" situation for most people, with all their devices inside a NATted network that are connecting to a single "server" in a cheapo cloud VM or their home server with a public IP.Last edited by starshipeleven; 17 October 2020, 09:17 PM.
Comment
Comment