A deep dive into the WireGuard Protocol.
Recently the WireGuard protocol has been gaining a lot of attention within the Internet security community, so I would like to take this opportunity to introduce and analyze this new protocol.
So here's a bit of history of the protocol
WireGuard was initially created and released by Jason A. Donenfeld in 2015 as a Linux kernel module. As of May 2019, it is still in the process of being upstreamed into the mainline kernel. Support for other platforms (Windows, Android, macOS and others) is provided by the cross-platform wireguard-go implementation, a userspace port written in Go.
The protocol runs solely over UDP as its transport. There is no fixed or IANA-registered port (51820 is the conventional default used in the documentation, but any port can be configured), so WireGuard traffic is typically identified through heuristics rather than by port number.
So How does it work?
A mechanism called Cryptokey Routing is at the heart of WireGuard. It works by associating each peer's public key with a list of tunnel IP addresses (that peer's "allowed IPs") which are permitted inside the tunnel for that peer.
Each network interface has a unique private key and a list of peers. Each peer is identified by a short public key (a 32-byte Curve25519 key, normally written in base64), which is used to authenticate it to other peers. These public keys may be distributed for use in configuration files in any convenient way, much like SSH public keys.
In a server configuration, each peer (a client application, etc.) may send packets into the network interface only if the decrypted packet's source IP address falls within that peer's list of allowed IPs; a packet whose inner source address belongs to some other peer, or to no peer at all, is dropped. When the network interface wishes to send a packet to a peer, it looks at the destination IP of the packet, compares it against each peer's list of allowed IPs, and selects the peer whose allowed range is the most specific match (longest prefix); the packet is then encrypted for that peer and sent to its current endpoint. The same table therefore serves as both the routing table and the access-control list.
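To make the two lookups concrete, here is an added example (written for this post, not code from the WireGuard project or from wireguard-go): a small Python model of Cryptokey Routing. It parses a constructed wg-quick-style configuration with three placeholder peers, peerA, peerB and peerC (the key strings are not real Curve25519 keys), builds the allowed-IPs table, and performs both lookups the kernel performs: choosing the outbound peer by longest-prefix match on the destination IP, and checking that a decrypted packet's inner source IP routes back to the peer that sent it. The names parse_peers, CryptokeyRouter, peer_for, accept_inbound and build_router are my own, not WireGuard API names.

```python
"""Added example: a toy model of WireGuard's Cryptokey Routing.
Not part of the original post or the WireGuard project."""
import ipaddress

# Constructed sample configuration. The key strings are placeholders,
# not real Curve25519 keys.
SAMPLE_CONFIG = """
[Interface]
PrivateKey = SERVER_PRIVATE_KEY_PLACEHOLDER=
ListenPort = 51820
Address = 10.0.0.1/24

[Peer]
PublicKey = peerA
AllowedIPs = 10.0.0.2/32

[Peer]
PublicKey = peerB
AllowedIPs = 10.0.0.3/32, 192.168.50.0/24

[Peer]
PublicKey = peerC
AllowedIPs = 0.0.0.0/0
"""


def parse_peers(config_text):
    """Return one {key: value} dict per [Peer] section.

    A small hand-written parser is used because configparser rejects the
    repeated [Peer] section names that WireGuard configs rely on.
    """
    peers, current = [], None
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            current = {} if line[1:-1].lower() == "peer" else None
            if current is not None:
                peers.append(current)
            continue
        if current is None:  # inside [Interface]; not needed for routing
            continue
        # Split on the first '=' only: base64 keys may end in '=' padding.
        key, _, value = line.partition("=")
        current[key.strip().lower()] = value.strip()
    return peers


class CryptokeyRouter:
    """The allowed-IPs table: each CIDR range maps to exactly one peer."""

    def __init__(self):
        self._routes = []  # list of (ip_network, peer_public_key)

    def add_peer(self, public_key, allowed_ips):
        for cidr in allowed_ips:
            net = ipaddress.ip_network(cidr.strip(), strict=False)
            # A range can belong to only one peer: re-adding it moves it to
            # the peer that claimed it last, as the kernel implementation does.
            self._routes = [(n, p) for n, p in self._routes if n != net]
            self._routes.append((net, public_key))

    def peer_for(self, ip):
        """Longest-prefix match; returns the peer's public key or None."""
        addr = ipaddress.ip_address(ip)
        best = None
        for net, pub in self._routes:
            if addr.version == net.version and addr in net:
                if best is None or net.prefixlen > best[0].prefixlen:
                    best = (net, pub)
        return best[1] if best else None

    def accept_inbound(self, sender_public_key, inner_src_ip):
        """After decryption, the inner source IP must route back to the
        peer that sent the packet, otherwise the packet is dropped. This
        is what stops one peer from spoofing another peer's tunnel IP."""
        return self.peer_for(inner_src_ip) == sender_public_key


def build_router(config_text):
    router = CryptokeyRouter()
    for peer in parse_peers(config_text):
        router.add_peer(peer["publickey"], peer["allowedips"].split(","))
    return router


if __name__ == "__main__":
    r = build_router(SAMPLE_CONFIG)
    for dst in ("10.0.0.2", "10.0.0.3", "192.168.50.7", "8.8.8.8", "2001:db8::1"):
        print(f"outbound to {dst:14} -> {r.peer_for(dst)}")
    for sender, src in (("peerA", "10.0.0.2"), ("peerC", "10.0.0.2"),
                        ("peerC", "1.2.3.4")):
        verdict = "accept" if r.accept_inbound(sender, src) else "drop"
        print(f"inbound from {sender} with source {src:9} -> {verdict}")
```

Running it shows the anti-spoofing property of the table: peerC owns 0.0.0.0/0 and is the outbound choice for any address nobody else claims, but a packet arriving from peerC with inner source 10.0.0.2 is dropped, because that address routes to peerA. The real implementation does the same lookup with a trie over both address families; this model uses a linear scan for clarity.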
Could it be a new game-changer?
From my perspective, WireGuard appears to be the future of VPNs for securing Internet traffic: with carefully chosen modern cryptography and a small, auditable code base, it is both a solid and an innovative protocol that fits all platforms.