WG: Need for HW-clock independent timestamps
Matthias Urlichs
matthias at urlichs.de
Mon May 21 17:34:42 CEST 2018
On 21.05.2018 16:56, Bruno Wolff III wrote:
> If you want to go that route, you should just treat it as a two-part
> number: one for a boot count, which would get incremented on every boot
> and saved, and a low-order part that is reset to 0 at every boot.
That'd work for me, though I prefer to use an opaque number /
base64string-of-12-bytes that doesn't look like it means something.
> Note that this scheme leaks information to the peer.
Rebooting is likely to leak that information anyway, because the peer
sees a period with no packets from you (also, it can't ping you)
followed by a possibly-premature re-key (depending on how long your boot
process takes).
I might also wonder why you'd peer with somebody whom you don't trust
not to collect and/or abuse the information that you just rebooted …
--
-- Matthias Urlichs
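The two-part stamp Bruno proposes, worked through as an added example; this is not WireGuard's code and not code from anyone in this thread. Assumptions: the 12-byte stamp is an 8-byte big-endian boot count followed by a 4-byte per-boot sequence number; the boot count lives in a small file (written atomically via rename, and incremented before the first stamp of a boot is ever issued, so a crash cannot hand out a value twice); the receiving peer keeps the last stamp it accepted and rejects anything that is not strictly greater on a raw byte comparison, which is the same rule WireGuard applies to its TAI64N timestamps. The file path, type and function names are all invented for the example.

```go
package main

import (
	"bytes"
	"encoding/binary"
	"errors"
	"fmt"
	"os"
	"path/filepath"
)

// Stamp is a 12-byte, hardware-clock-independent handshake stamp:
// bytes 0..7 = boot count (persisted), bytes 8..11 = per-boot sequence.
// Big-endian layout keeps a byte-wise compare equal to a numeric compare.
type Stamp [12]byte

// Clock issues strictly increasing stamps across reboots.
type Clock struct {
	path string // file holding the 8-byte boot count (hypothetical location)
	boot uint64
	seq  uint32
}

// NewClock models a boot: it loads the stored boot count, increments it,
// and persists the new value before any stamp can be handed out.
func NewClock(path string) (*Clock, error) {
	c := &Clock{path: path}
	data, err := os.ReadFile(path)
	switch {
	case errors.Is(err, os.ErrNotExist):
		c.boot = 0 // first boot ever
	case err != nil:
		return nil, err
	case len(data) != 8:
		return nil, fmt.Errorf("corrupt boot counter in %q", path)
	default:
		c.boot = binary.BigEndian.Uint64(data)
	}
	if err := c.bumpBoot(); err != nil {
		return nil, err
	}
	return c, nil
}

// bumpBoot increments and durably stores the boot count, resetting the
// low-order sequence. Write-then-rename so a torn write cannot leave a
// truncated counter behind.
func (c *Clock) bumpBoot() error {
	if c.boot == ^uint64(0) {
		return errors.New("boot counter exhausted")
	}
	c.boot++
	c.seq = 0
	var buf [8]byte
	binary.BigEndian.PutUint64(buf[:], c.boot)
	tmp := c.path + ".tmp"
	if err := os.WriteFile(tmp, buf[:], 0o600); err != nil {
		return err
	}
	return os.Rename(tmp, c.path)
}

// Next returns the next stamp. If the 32-bit sequence would wrap, the
// boot count is bumped instead of letting the stamp go backwards.
func (c *Clock) Next() (Stamp, error) {
	if c.seq == ^uint32(0) {
		if err := c.bumpBoot(); err != nil {
			return Stamp{}, err
		}
	}
	c.seq++
	var s Stamp
	binary.BigEndian.PutUint64(s[:8], c.boot)
	binary.BigEndian.PutUint32(s[8:], c.seq)
	return s, nil
}

// Peer is the receiving side's replay state for one remote.
type Peer struct{ last Stamp }

// Accept admits a handshake only if its stamp is strictly greater than the
// last accepted one; equal or older stamps are treated as replays.
func (p *Peer) Accept(s Stamp) bool {
	if bytes.Compare(s[:], p.last[:]) <= 0 {
		return false
	}
	p.last = s
	return true
}

func main() {
	dir, err := os.MkdirTemp("", "bootclock")
	if err != nil {
		panic(err)
	}
	defer os.RemoveAll(dir)
	path := filepath.Join(dir, "bootcount")
	var peer Peer
	for boot := 1; boot <= 2; boot++ { // simulate two boots sharing one file
		c, err := NewClock(path)
		if err != nil {
			panic(err)
		}
		for i := 0; i < 2; i++ {
			s, _ := c.Next()
			fmt.Printf("boot %d stamp %x first=%v replay=%v\n",
				boot, s, peer.Accept(s), peer.Accept(s))
		}
	}
}
```

Because the peer compares raw bytes, any "opaque" presentation of the stamp has to be order-preserving end to end; a keyed scrambling of the 12 bytes would hide the boot count from a casual observer but would also destroy the comparison the replay check depends on. The scheme still discloses the boot count and the number of handshakes since boot to the peer, which is the leak Bruno points out.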