Vyprvpn wireguard
7/25/2023

First-class crypto

Cryptography is another highlight, with WireGuard using state-of-the-art protocols such as Curve25519, ChaCha20, Poly1305 and BLAKE2. You may wonder why WireGuard doesn’t rely on good old-fashioned 256-bit AES to encrypt data. After all, it’s government-approved, military grade encryption software, which may be why OpenVPN uses a variant of it. The answer is really one of efficiency:

ChaCha20 also uses a 256-bit encryption key but unlike AES doesn’t need a computer with a dedicated AES-friendly processor to run more efficiently. It can run perfectly in software using an ordinary CPU. This protocol is also specifically designed as a ‘stream cipher’ unlike AES, so doesn’t need anything to communicate securely. WireGuard does, however, combine the ChaCha20 cipher with the Poly1305 message authentication code. In brief, this makes it much harder for an attacker to insert fake messages into your cipher stream to either redirect your traffic or make it easier for them to work out your encryption keys.

By using ChaCha20-Poly1305 over an AES cipher like AES-GCM, WireGuard is more resistant to 'timing attacks'. This occurs when hackers try to work out the encryption protocols you’re using by measuring the time it takes to implement certain algorithms. The benefits of ChaCha20 are clear, as it’s the most popular stream cipher out there, but those in the know may also wonder at the decision of WireGuard’s developers to use the BLAKE2 hash function, rather than something more familiar like SHA256. In crypto circles, it’s generally safer to stick with what’s familiar after all.

For starters, this decision to use BLAKE2 over SHA is one of efficiency. BLAKE2 simply works faster than other well-known hash functions like SHA or MD5. This is a concept which gets cryptographers excited - in simplest terms the idea is that a cipher or hash function should be indistinguishable from truly random data. This is hard to prove in practice but security researchers agree that BLAKE2 succeeds in doing this to a large extent. This feature, sometimes known as a ‘random oracle’, also isn’t supported by SHA.

Curve25519 is an example of elliptic curve cryptography so, like ChaCha20, is designed specifically for securely transmitting data. It’s been around since 2005 and uses a 256-bit key to offer 128-bit encryption. It’s one of the fastest curves of its kind, so it’s no wonder it’s included in the ultra-efficient WireGuard protocol as well as OpenSSH. The decision of WireGuard’s developers to use established and efficient encryption and authentication protocols is a wise one. In Information Security circles, experts like to stick with what’s familiar and there’s no question that WireGuard has been designed with security in mind.

Another big advantage of WireGuard is efficiency. Aside from using a fraction of the code of other implementations, WireGuard can run inside the Linux kernel, the guts of the OS which does all the low-level heavy lifting. So, Linux must do extra work (technically known as a 'context switch') to help OpenVPN work with the system, every time it sends or receives packets. As WireGuard lives inside the kernel, there’s no need for context switching, whereby the operating system has to store a process to be retrieved for execution later. This can potentially deliver a big performance boost. How big? In August 2021 developer Donenfeld reported a WiFi speed increase from 95Mbps to 600Mbps with a new kernel-friendly Windows beta, though it's not yet clear how typical that might be.

While acknowledging that there’s a long road ahead, the WireGuard website’s performance page shows the results of some early benchmarking. The first test related to data throughput over gigabit Ethernet relative to using IPSec with the stream ciphers ChaPoly and AES-GCM, as well as OpenVPN. In this test, WireGuard was able to transmit about 20% more data than the IPSec protocols. Using IPSec also maxed out the computer’s CPU, unlike with WireGuard. OpenVPN was only able to transmit around 25% of the data WireGuard did, with the CPU being completely maxed out, like with IPSec. WireGuard’s 'ping' time was slightly faster than the IPSec protocols but around three times faster than OpenVPN. With these obvious advantages, it's no surprise that WireGuard is now widely supported in the VPN world.