WolfGuard: WireGuard with FIPS 140-3 cryptography

(github.com)

38 points by 789c789c789c1 hour ago

6 comments

  • elevation53 minutes ago
    Wireguard exemplifies the superiority of a qualified independent developer over the fractal layers of ossified cruft that you get from industry efforts and compliance STIGS.<p>So it feels wrong to see wireguard adapted for compliance purposes. If compliance orgs want superior technology, let their standards bodies approve&#x2F;adopt wireguard without modifying it.
    • dmbche17 minutes ago
      &gt; fractal layers of ossified cruft<p>Someone got a thesaurus in their coffee today! (Not a jab)
    • jmclnx19 minutes ago
      Yes, but be aware, openvpn is much better if you live in a Country like China, Russia and a few others. That is due to a known design issue with wireguard.<p>For most people, wireguard is fine.
      • LunaSea16 minutes ago
        Could you expand on the design flaw in question?
        • eptcyka12 minutes ago
          OpenVPN looks like a regular tls stream - difficult to distinguish between that and a HTTPS connection. WireGuard looks like WireGuard. But you can wrap WireGuard in whatever headers you might want to obfuscate it and the perf will still be better.
          • tptacek0 minutes ago
            It&#x27;s trivial to make WireGuard look like a regular TLS stream. It&#x27;s probably not worth a 15 year regression in security characteristics just to get that attribute; just write the proxy for it and be done with it. It was a 1 day project for us (we learned the hard way that a double digit percentage of our users simply couldn&#x27;t speak UDP and had to fix that).
        • jmclnx14 minutes ago
          It is not a design flaw, but a design choice.<p>&gt;OpenVPN does not store any of your private data, including IP addresses, on VPN servers, which is ideal.<p><a href="https:&#x2F;&#x2F;www.pcmag.com&#x2F;comparisons&#x2F;openvpn-vs-wireguard-which-protocol-is-best-for-your-vpn" rel="nofollow">https:&#x2F;&#x2F;www.pcmag.com&#x2F;comparisons&#x2F;openvpn-vs-wireguard-which...</a>
    • LtWorf37 minutes ago
      but wolfssl is in the business of selling FIPS compliance so…
      • alfanick35 minutes ago
        And they do it fast, thankfully Compliant Static Code Analyser catches issues like <a href="https:&#x2F;&#x2F;github.com&#x2F;wolfSSL&#x2F;wolfGuard&#x2F;commit&#x2F;fa21e06f26de201bf9139bf742f514ef9ddf4f28#diff-d0f0f5117b6e6bc7d9b9c8ae7197cf26cf0f972c6f056b689960c0b7f778ce36R253" rel="nofollow">https:&#x2F;&#x2F;github.com&#x2F;wolfSSL&#x2F;wolfGuard&#x2F;commit&#x2F;fa21e06f26de201b...</a>
        • johnisgood3 minutes ago
          Holy shit. Those are rookie mistakes, that could end up being SEVERE.
  • AaronFriel1 hour ago
    The conventional wisdom in cryptography is that if you don&#x27;t know you need FIPS, if you don&#x27;t have paper and a dollar figure telling you how much you need it, you don&#x27;t need or want FIPS.
  • usui35 minutes ago
    I know software developers complain about forced compliance due to the security theatre aspects, but I would like to charitably ask from someone who has technical understanding of FIPS-compliant cryptography. Are there any actual security advantages on technical grounds for making WireGuard FIPS-compliant? Assume the goal is not to appease pencil pushers. I really want to know if this kind of effort has technical gains.
    • briandw22 minutes ago
      My limited understanding is that issues like being vulnerable to side channel attacks are very difficult to detect. So you have to have shown that the entire development process is safe. From the code to the compiler to the hardware to the microcode, it all needs to be checked. That said it does seem like compliance is a bigger priority than safety.
    • loeg29 minutes ago
      There is no security advantages or technical grounds for using FIPS algorithms in a WireGuard clone instead of Chacha &#x2F; Blake2. It&#x27;s purely a compliance move. ChaPoly, Blake2, etc, are not known to be broken and we have every reason to believe they are strong.
    • alfanick33 minutes ago
      I presume it&#x27;s a product strategy to provide a box of &quot;compliant&quot; libraries&#x2F;services, so other companies can quickly tick and sign a checkbox saying &quot;we use compliant VPN&quot;, because someone else is going to look whether the checkbox is ticked and signed, because someone else is going to...
      • NewJazz29 minutes ago
        You failed to answer the question. Why did you reply?
  • PunchyHamster40 minutes ago
    So a step backward in security ?
    • kstrauser33 minutes ago
      In fairness, modern versions of FIPS are much less awful. AFAICT it&#x27;s now possible to be FIPS compliant <i>and</i> meet reasonable crypto expectations, which was not always the case before.
    • loeg21 minutes ago
      It&#x27;s fine. None of the FIPS algorithms are known to be broken, either. The only risk here is implementation bugs doing the conversion and any maintenance burden incurred due to diverging from upstream wireguard.
  • pphysch52 minutes ago
    Can&#x27;t you also get FIPS 140-3 WireGuard by compiling wireguard-go with the new native FIPS support in Go?
    • inahga43 minutes ago
      The ciphers used by WireGuard are not FIPS 140-3 certified. So you have to also change the ciphers, as is done in this project.
      • loeg24 minutes ago
        E.g., ChaPoly AEAD -&gt; AES-GCM, Blake2s -&gt; SHA2&#x2F;3, that kind of thing.