Hello,
On 04/23/17 09:53, saeidscorp wrote:
I've been having troubles using WireGuard on Gentoo hardened/PaX
kernel. I have set up WireGuard on regular kernels several times, but
on a PaX kernel it causes the kernel to panic.
All steps of interface addition and configuration using wg tool work
On Sun, Apr 23, 2017, at 06:49 AM, Fredrik Strömberg wrote:
> [...]
> Furthermore, consider that the IP addresses of the peers will most
> likely be available to the attacker.
> [...]
> 2. The attacker gains an advantage by knowing S(pub,i) which is not
> gained by already available metadata (such
Hi everybody,
I've been having troubles using WireGuard on Gentoo hardened/PaX kernel. I have
set up WireGuard on regular kernels several times, but on a PaX kernel it
causes the kernel to panic.
All steps of inetrface addition and configuration using wg tool work well, but
as soon as the first
Hi! :)
On Sun, Apr 23, 2017 at 9:05 AM, wrote:
> Forgive me in advance if this is a horrible or misinformed idea, but why
> not blake2s the preshared-key with each peer's public key and distribute
> that as a per-peer "preshared" key, mixing it in last? That would reduce
> the risk of key compro
Hi everyone,
Jason, you already know my opinion on this, but I will restate it here
for the sake of discussion.
Summary:
Yes, we should make the change so that Pre-Shared Keys are per-peer.
The benefits of per-peer PSKs vastly outweigh the disadvantages.
Premises:
A. The current (or proposed) im
Forgive me in advance if this is a horrible or misinformed idea, but why
not blake2s the preshared-key with each peer's public key and distribute
that as a per-peer "preshared" key, mixing it in last? That would reduce
the risk of key compromise, since each peer would have a unique key and
the real