WireGuard is an upcoming project to replace IPsec with a more modern and secure VPN protocol. It lives inside the kernel and provides a very simple and novel interface for setting up secure encrypted network tunnels. All the cryptography is cutting edge (DJB’s Curve25519, ChaCha20, and Poly1305), and deployment aims to follow a model as simple as SSH’s authorized_keys file. A number of interesting kernel programming techniques have been used to make it extremely performant, along with some interesting uses of the netdevice sub-queuing system.
Categories:
security
speaker:
Jason DONENFELD
year: