Ephemeral key lifetime & system sleep

Kalin KOZHUHAROV me.kalin at gmail.com
Thu Dec 8 03:12:34 CET 2016

On Thu, Dec 8, 2016 at 7:04 AM, Daniel Kahn Gillmor
<dkg at fifthhorseman.net> wrote:
> I think scrubbing the ephemeral keys prior to suspend is the right thing
> to do.  It's simpler to reason about, sounds straightforward to
> implement, the usability cost isn't that great, and it's likely to be
> the right thing in almost all long-term suspend cases.

I never use suspend, except when I need to hack some suspect hardware
(forensics), or ATA SECURITY ERASE a "frozen" drive (anti-forensics).
kill_on_suspend is better, given that it will be auto re-established on resume.


More information about the WireGuard mailing list