[WireGuard] Options to obfuscate WireGuard traffic?

Jason A. Donenfeld Jason at zx2c4.com
Fri Jul 8 12:29:10 CEST 2016

On Fri, Jul 8, 2016 at 12:26 PM, Jason A. Donenfeld <Jason at zx2c4.com> wrote:
> a) The first byte, which is a fixed `type` value.
> b) The fact that `mac2` is most often all zeros.
> c) The fixed length of handshake messages.
> d) The unencrypted ephemeral public key.

How could I forget?

e) Incremental nonce.

This system would clearly need to be replaced by random IVs -- using
something like xchacha20. Inside then would be an encrypted sequence
number to prevent replay attack.

More information about the WireGuard mailing list