Debunking the myths surrounding WireGuard – TechRadar Singapore

WireGuard has certainly made the VPN industry stand up and take notice in recent times. This high-speed, secure and low-footprint open-source protocol utilizes state-of-the-art cryptography and offers stiff competition for the likes of IPsec and OpenVPN. From the user's point of view, what benefits can they expect from WireGuard and what are some of the myths surrounding its use that have been touted in the media and elsewhere?

About the author

Tomislav Čohar is the founder of hide.me VPN.

The use of more modern and efficient cryptographic techniques means that WireGuard is an extremely fast protocol that doesn't sacrifice security. WireGuard works from within the Linux kernel, meaning that it can process data faster - this eliminates much of the latency associated with other VPN protocols. With security in mind, WireGuard is a lot newer than the likes of OpenVPN, which means it was built from the ground up to support more modern encryption methods and hash functions such as ChaCha20, BLAKE2s, SipHash24, HKDF, and Curve25519.

WireGuard also offers a lower footprint - unlike OpenVPN and IPsec, it was made to be as lightweight as possible and can be implemented with just a few thousand lines of code. This has the added benefit of making for a smaller attack surface, which in turn makes auditing the code a much simpler and more efficient process. It also has built-in roaming capabilities, allowing users to switch from something like Wi-Fi to 4G LTE seamlessly whilst connected.

WireGuard uses your network more efficiently than other protocols. Its overhead is a mere 32 bytes, while other protocols use much more space for their signaling. This means more space for your data and, in turn, higher throughput.

Taking all of these benefits into account, recent media coverage and some claims have certainly been a cause to raise eyebrows. Let's take a look at just a few of the myths that have been circulating in recent weeks and months so that you can better understand exactly what WireGuard can deliver.
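Where the 32 bytes come from, as an added example that is not part of the original article: a WireGuard transport data message carries a 16-byte header (type, reserved bytes, receiver index, counter) and a 16-byte Poly1305 tag around the encrypted packet. The sample datagram is constructed, and the 1420-byte MTU default is an assumption.

```python
import struct

# Transport data message layout per the WireGuard protocol description:
# type (1 byte, =4) | reserved (3, zero) | receiver index (4, LE) |
# counter (8, LE) | encrypted inner packet | Poly1305 tag (16)
HEADER = struct.Struct("<B3xIQ")      # 16 bytes, little-endian, no alignment
TAG_LEN = 16
MSG_TRANSPORT = 4
OVERHEAD = HEADER.size + TAG_LEN      # the 32 bytes quoted in the article


def parse_transport(datagram: bytes) -> dict:
    """Split a transport data message into its fields without decrypting it."""
    if len(datagram) < OVERHEAD:
        raise ValueError("too short for a transport data message")
    msg_type, receiver, counter = HEADER.unpack_from(datagram)
    if msg_type != MSG_TRANSPORT or datagram[1:4] != b"\x00\x00\x00":
        raise ValueError("not a transport data message")
    ciphertext_len = len(datagram) - OVERHEAD
    return {
        "receiver": receiver,
        "counter": counter,
        "ciphertext_len": ciphertext_len,
        "keepalive": ciphertext_len == 0,   # empty inner packet
        "tag": datagram[-TAG_LEN:],
    }


def padded_len(inner_len: int, mtu: int = 1420) -> int:
    """Inner packets are zero-padded to a multiple of 16, capped at the MTU.
    mtu=1420 is an assumed interface MTU; inner_len must not exceed it."""
    return min(mtu, (inner_len + 15) // 16 * 16)


def wire_len(inner_len: int, mtu: int = 1420) -> int:
    """UDP payload size for one inner packet (outer IP/UDP headers excluded)."""
    return OVERHEAD + padded_len(inner_len, mtu)


# Constructed sample: receiver index 0x1234, counter 7, 64 bytes of fake
# ciphertext and a fake tag. No real keys or traffic involved.
SAMPLE = HEADER.pack(MSG_TRANSPORT, 0x1234, 7) + b"\xaa" * 64 + b"\xbb" * TAG_LEN

if __name__ == "__main__":
    print(parse_transport(SAMPLE))
    print([(n, wire_len(n)) for n in (0, 1, 100, 1420)])
```

Small inner packets can carry up to 15 bytes of padding on top of the fixed 32, and the outer IP and UDP headers are counted separately.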

Some are, but that heavily depends on the circumstances and is not really related to crypto. What good is speedy crypto if you're connected through a dialup modem? Also, if you are a provider that supports much faster protocols (such as SoftEther on Windows or IKEv2 on anything else), then WireGuard isn't going to deliver on dramatic speed promises.

Actually, WireGuard doesn't demand anything. It behaves just like any other protocol - it operates as a versatile cryptographic piece of a larger puzzle called a VPN tunnel. It's really more about how you manage it. Using a simple or rigid setup means static IPs on the servers. But it can be managed dynamically. Adding IPs when they're needed and getting rid of them as soon as the VPN session is done means that WireGuard may behave just like any other VPN protocol.

No, it doesn't - it's the same ball game, just like the other protocols. It really doesn't get simpler than that.

Not true at all - IPsec is way faster on all platforms! IPsec is way faster because it runs in the kernel too, but is way more optimized for Intel CPUs. The thing is, running within the kernel is a major speedup, but WireGuard is not the only protocol to run that way. PPTP/L2TP do too. OpenVPN developers plan to release a kernel module for Linux soon. SoftEther, which runs entirely in userspace, outperforms WireGuard when throughput is the primary concern.

Actually, it only supports one method of key exchange. Only one AEAD is supported. Other VPN protocols support a plethora of cryptography systems but tend to settle on AES. AES is not flawed; no exploit has been found yet. Also, the AES cipher (Rijndael is the actual cipher name) is cryptographically stronger than ChaCha20, which is used by WireGuard. However, it is computationally expensive when compared to ChaCha20. ChaCha20 is a tradeoff, the best bang for the buck. One could argue that the Poly1305 MAC is stronger than GCM, but then again we come to the point of AES-GCM being supported in hardware.

WireGuard certainly is an interesting VPN protocol with the ability to be a game changer for the VPN industry. In comparison to some existing VPN protocols, WireGuard may offer faster speeds and better reliability with new and improved encryption standards. As its popularity and demand increase, it is inevitable that more VPN services will incorporate WireGuard into their frameworks.
