Re: [RFC PATCH 00/18] crypto: wireguard using the existing crypto API

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



> > So are you saying that the handshake timing constraints in the
> > WireGuard protocol are so stringent that we can't run it securely on,
> > e.g., an ARM CPU that lacks a NEON unit? Or given that you are not
> > providing accelerated implementations of blake2s or Curve25519 for
> > arm64, we can't run it securely on arm64 at all?
> 
> Deployed at scale, the handshake must have a certain performance to
> not be DoS'd. I've spent a long time benching these and attacking my
> own code.  I won't be comfortable with this going in without the fast
> implementations for the handshake. 

As a networking guy, the relation between fast crypto for handshake
and DoS is not obvious. Could you explain this a bit?

It seems like a lot of people would like an OpenWRT box to be their
VPN gateway. And most of them are small ARM or MIPs processors. Are
you saying WireGuard will not be usable on such devices?

Thanks
	Andrew



[Index of Archives]     [Kernel]     [Gnu Classpath]     [Gnu Crypto]     [DM Crypt]     [Netfilter]     [Bugtraq]

  Powered by Linux