Need for HW-clock independent timestamps

Matthias Urlichs matthias at urlichs.de
Thu May 17 07:53:17 CEST 2018


On 17.05.2018 07:03, Roman Mamedov wrote:
> Personally I am puzzled this is even an issue in WG. Not a single other VPN
> protocol mandates every node to keep a monotonically increasing counter,
> including even over reboots.

WireGuard's connection setup is a whole lot simpler than most other
protocols. It basically doesn't require a "real" handshake, just a
request/reply pair. Thus it's vulnerable to disruption by replay
attacks – a replayed rekey packet would disrupt conversation until the
real sender times out, a minute later.

-- 
-- Matthias Urlichs
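
The replay check this thread is about, as an added example (not part of the original message and not WireGuard's own code): a responder keeps the greatest handshake timestamp seen per peer and drops any initiation that is not strictly newer, which also shows why a peer whose clock restarts after a reboot is locked out. WireGuard's initiation message carries a 12-byte TAI64N timestamp; the `Responder` class, the peer key and the timestamp values are constructed for illustration.

```python
import struct

TAI64_BASE = 1 << 62  # TAI64 labels are offset by 2^62 seconds


def tai64n(seconds: int, nanos: int = 0) -> bytes:
    """Encode a 12-byte TAI64N label: 8-byte seconds, 4-byte nanoseconds, big-endian."""
    return struct.pack(">QI", TAI64_BASE + seconds, nanos)


class Responder:
    """Hypothetical responder state: greatest timestamp accepted per peer key."""

    def __init__(self):
        self.latest = {}  # peer static public key -> last accepted TAI64N label

    def accept_initiation(self, peer_key: bytes, timestamp: bytes) -> bool:
        if len(timestamp) != 12:
            return False  # malformed label
        last = self.latest.get(peer_key)
        # Big-endian labels compare bytewise in the same order as in time,
        # so a plain bytes comparison is enough.
        if last is not None and timestamp <= last:
            return False  # replayed or stale initiation: drop it
        self.latest[peer_key] = timestamp
        return True


def demo() -> dict:
    responder = Responder()
    peer = b"peer-A-static-key"    # constructed placeholder key
    t0 = 1526536397                # constructed sample time (seconds)
    captured = tai64n(t0)          # the initiation an eavesdropper could record
    results = {
        "fresh": responder.accept_initiation(peer, captured),
        "replay": responder.accept_initiation(peer, captured),
        "rekey_later": responder.accept_initiation(peer, tai64n(t0 + 120)),
        # Peer reboots without a hardware clock; its time restarts near zero,
        # so its genuine initiation looks older than the stored timestamp.
        "after_clock_reset": responder.accept_initiation(peer, tai64n(30)),
    }
    return results


if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case:18s} accepted={accepted}")
```
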


