Hello Jason,

I think there is a potential security issue regarding the use of the "wg" tool. By default "wg" will print the private keys in plain text to the console. This isn't going to be a big issue in general, but if I was showing my friend how to use WireGuard, or using my computer in public places with surveillance cameras, without an option to hide private keys I would very likely get my private keys compromised. IIUC, compromise of a private key won't have security impact assuming a passive attacker, and an active attacker needs to have private keys from both sides to perform a MitM attack. But nonetheless, I think this could be fixed very easily, to avoid actual potential security compromise.

Considering that most people would probably type "wg" without any further options that explicitly hide all private keys (either without the knowledge of the option, or by accident), I would suggest hiding the private key by default (showing some text like "(private key hidden by default)" instead), and adding an option to allow the user to explicitly show the private key, like "--show-private-keys".

Thanks!
Bin
