GNU social JP
Conversation

Notices

  1. alcinnz (alcinnz@floss.social)'s status on Sunday, 03-Nov-2024 04:21:01 JST

    VPNs are a tool for securely connecting to remote networks, primarily intended for sysadmins in emergencies. Though now it's frequently advertised as a privacy technology, which isn't entirely honest as it doesn't so much remove the trust you must place in your ISP but rather transfers it to the VPN provider. Which can be valid!

    WireGuard is a relatively-new elegant & opinionated protocol for connecting to a VPN. Should be faster & more secure!

    How'd I implement it in my hypothetical?

    1/?

    In conversation about 7 months ago from floss.social
    • M1k3yv2 (m1k3yv2@ioc.exchange)'s status on Sunday, 03-Nov-2024 04:38:46 JST

      @alcinnz I mean, I use a VPN if I connect to a public Wi-Fi, not because like privacy or anything, just so like I don't get any man-in-the-middle attacks or any ISP blocking, cuz sometimes I connect to networks that have ISP blocking, but for privacy it really doesn't do anything

      In conversation about 7 months ago
    • alcinnz (alcinnz@floss.social)'s status on Sunday, 03-Nov-2024 04:42:14 JST

      WireGuard's cryptography consists of IETF RFC7539 (ChaCha20 with Poly1305), Curve25519 for Elliptic Curve-based Diffie-Hellman handshakes, BLAKE2s (RFC7693), & HKDF (RFC5869) for deriving keys. It may also use SipHash24 for implementing hashtables, though I'm not sure that's relevant to external callers.

      I'll describe these algorithms over the following days!

      After exchanging some handshake UDP packets to establish encryption parameters, WireGuard exchanges encrypted IP packets over UDP.

      2/4?

      In conversation about 7 months ago
    • alcinnz (alcinnz@floss.social)'s status on Sunday, 03-Nov-2024 04:58:19 JST

      A WireGuard packet starts (after the UDP header) with a byte indicating its type (handshake initiation, handshake response, or data) & 3 reserved bytes.

      The handshake initiation follows up with a 32-bit (4-byte) ID for this peer, a Diffie-Hellman 32-byte public key, some "static" data derived from a hash of the previous fields & various other cryptography, & a cryptographically-authenticated timestamp.

      The response holds both peers' IDs, the server's crypto-key, & a cryptographically-authenticated 0.

      3/4

      In conversation about 7 months ago
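The packet layout described in the thread, as a parser for the cleartext fields. This is an added example, not code from the posts or from the WireGuard project; the type numbers, byte offsets and the cookie-reply type (which the thread does not mention) are taken from the WireGuard protocol specification, and the sample packets are constructed.

```python
import struct

# Message types and fixed sizes per the WireGuard protocol specification
# (the thread names initiation, response and data; cookie reply is type 3).
INITIATION, RESPONSE, COOKIE_REPLY, DATA = 1, 2, 3, 4
FIXED_SIZE = {INITIATION: 148, RESPONSE: 92, COOKIE_REPLY: 64}
DATA_HEADER = 16   # type + reserved + receiver index + 64-bit counter
TAG = 16           # Poly1305 authentication tag


def parse_wireguard(payload: bytes) -> dict:
    """Parse the cleartext fields of one UDP payload; raise ValueError if malformed."""
    if len(payload) < 4:
        raise ValueError("too short for the type/reserved header")
    msg_type, reserved = payload[0], payload[1:4]
    if reserved != b"\x00\x00\x00":
        raise ValueError("reserved bytes must be zero")
    if msg_type in FIXED_SIZE and len(payload) != FIXED_SIZE[msg_type]:
        raise ValueError(f"type {msg_type} must be {FIXED_SIZE[msg_type]} bytes")
    if msg_type == INITIATION:
        (sender,) = struct.unpack_from("<I", payload, 4)
        return {"type": "initiation", "sender": sender,
                "ephemeral": payload[8:40],          # unencrypted DH public key
                "enc_static": payload[40:88],        # 32-byte key + tag
                "enc_timestamp": payload[88:116],    # 12-byte timestamp + tag
                "mac1": payload[116:132], "mac2": payload[132:148]}
    if msg_type == RESPONSE:
        sender, receiver = struct.unpack_from("<II", payload, 4)
        return {"type": "response", "sender": sender, "receiver": receiver,
                "ephemeral": payload[12:44],
                "enc_empty": payload[44:60],         # tag over an empty plaintext
                "mac1": payload[60:76], "mac2": payload[76:92]}
    if msg_type == COOKIE_REPLY:
        (receiver,) = struct.unpack_from("<I", payload, 4)
        return {"type": "cookie_reply", "receiver": receiver}
    if msg_type == DATA:
        if len(payload) < DATA_HEADER + TAG:
            raise ValueError("data message shorter than header plus tag")
        receiver, counter = struct.unpack_from("<IQ", payload, 4)
        return {"type": "data", "receiver": receiver, "counter": counter,
                "ciphertext": payload[DATA_HEADER:]}
    raise ValueError(f"unknown message type {msg_type}")


# Constructed sample: an initiation whose key material is zero-filled padding.
SAMPLE_INIT = bytes([1, 0, 0, 0]) + struct.pack("<I", 0xA1B2C3D4) + bytes(140)
# Constructed sample: a keepalive (empty inner packet, so only the 16-byte tag).
SAMPLE_KEEPALIVE = bytes([4, 0, 0, 0]) + struct.pack("<IQ", 7, 42) + bytes(16)
```

The parser only checks framing; the tags and MACs can be verified only by a peer holding the keys.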

GNU social JP is a social network, courtesy of GNU social JP管理人. It runs on GNU social, version 2.0.2-dev, available under the GNU Affero General Public License.

All GNU social JP content and data are available under the Creative Commons Attribution 3.0 license.