alcinnz
VPNs are a tool for securely connecting to remote networks, primarily intended for sysadmins in emergencies. Though now its frequently advertised as a privacy technology, which isn't entirely honest as it doesn't so much remove the trust you must place in your ISP but rather transfers it to the VPN provider. Which can be valid!
WireGuard is a relatively-new elegant & opinionated protocol for connecting to a VPN. Should be faster & more secure!
How'd I implement it in my hypothetical?
1/?
M1k3yv2
@alcinnz I mean I use a VPN if I connect to a public Wi-Fi not because like privacy or anything just so like I don't get any man in the middle attacks or any ISP blocking cuz sometimes I connect networks that have ISP blocking but for privacy really doesn't do anything
alcinnz
WireGuard's cryptography consists of IETF RFC7539 (ChaCha20 with Poly1305), Cuve25519 for Elliptic Curve-based Diffie Hellman handshakes, BLAKE2s (RFC7693), & HKDF (RFC5869) for deriving keys. It may also use SipHash24 for implementing hashtable, though I'm not sure that's relevant to external callers.
I'll describe these algorithms over the following days!
After exchanging some handshake UDP packets to establish encryption parameters, WireGuard exchanges encrypted IP packets over UDP.
2/4?
alcinnz
A WireGuard packet starts (after the UDP header) with a byte indicating ts type (handshake initiation, handshake response, or data) & 3 reserved bytes.
The handshake initiation follows up with a 32bit (4byte) ID for this peer, diffie-hellman 32byte public key, some "static" data derived from hash of the previous fields & various other cryptography, & a cryptographically-authenticated timestamp.
The response holds both peer's IDs, server's crypto-key, & a cryptographically-authenticated 0.
3/4
GNU social JP is a social network, courtesy of GNU social JP管理人. It runs on GNU social, version 2.0.2-dev, available under the GNU Affero General Public License.
All GNU social JP content and data are available under the Creative Commons Attribution 3.0 license.