Reflections on WireGuard Design Goals

Kalin KOZHUHAROV me.kalin at gmail.com
Fri Aug 10 18:38:19 CEST 2018


On Fri, 10 Aug 2018, 19:04 Brian Candler, <b.candler at pobox.com> wrote:

> On 10/08/2018 16:03, Roman Mamedov wrote:
>
> But I'd feel a lot happier if a second level of authentication were
> required to establish a wireguard connection, if no packets had been
> flowing for more than a configurable amount of time - say, an hour. It
> would give some comfort around lost/stolen devices.
>
> Couldn't you just encrypt your home directory? Or even the root FS entirely.
> Either of those should be a must on a portable device storing valuable
> information.
>
> But by analogy, would you say that SSH keys and PGP keys don't need
> protection by a passphrase?
>
Yes, I will say so. I (almost) never use it, it is either too unsecure yet
cumbersome, so I use separate devices (nFA), encrypted FS, etc. where
needed. Or nothing at all.

Kalin.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.zx2c4.com/pipermail/wireguard/attachments/20180810/b32b3898/attachment.html>


More information about the WireGuard mailing list