[WireGuard] Options to obfuscate WireGuard traffic?
Jason A. Donenfeld
Jason at zx2c4.com
Fri Jul 8 12:29:10 CEST 2016
On Fri, Jul 8, 2016 at 12:26 PM, Jason A. Donenfeld <Jason at zx2c4.com> wrote:
> a) The first byte, which is a fixed `type` value.
> b) The fact that `mac2` is most often all zeros.
> c) The fixed length of handshake messages.
> d) The unencrypted ephemeral public key.
How could I forget?
e) Incremental nonce.
This system would clearly need to be replaced by random IVs -- using
something like xchacha20. Inside then would be an encrypted sequence
number to prevent replay attack.
More information about the WireGuard