potential preshared-key changes

crasm at wireguard.1.email.vczf.io crasm at wireguard.1.email.vczf.io
Sun Apr 23 09:05:36 CEST 2017

Forgive me in advance if this is a horrible or misinformed idea, but why
not blake2s the preshared-key with each peer's public key and distribute
that as a per-peer "preshared" key, mixing it in last? That would reduce
the risk of key compromise, since each peer would have a unique key and
the real key is not copied to each peer.

I do like identity hiding, but I can't tell if there's a way for the
above to work without exposing public keys (at least considering roaming

More information about the WireGuard mailing list