Cloudflare's VPN Warp Is Switching from WireGuard to Masque (opens in new tab)

(blog.cloudflare.com)

70 pointsaofeisheng2y ago10 comments

10 comments

Title was editorialised - Cloudflare isn't switching, they are _adding_ Masque. There's even an "We’re not saying goodbye to Wireguard" heading in there.

sevg2y ago

@dang can you please uneditorialize this title back to the original: "Donning a MASQUE: building a new protocol into Cloudflare WARP"

@aofeisheng please see the HN guidelines: "Otherwise please use the original title, unless it is misleading or linkbait; don't editorialize."

altairprime2y ago

@ signs don’t have any meta value at HN. If you want a response from the mods, you’ll need to email them using the footer contact link. Per the HN guidelines:

> Please don't post on HN to ask or tell us something. Send it to hn@ycombinator.com.

ignoramous2y ago

> Finally, neither the protocol nor the cryptography it uses are standards-based, making it difficult to keep up with the strongest known cryptography (post-quantum crypto, for example).

Isn't WireGuard post-quantum safe with pre-shared keys?

> ...connections are made through port 443, which for both TCP and UDP blends in well with general HTTP/3 traffic and is less susceptible than Wireguard to blocking.

HTTP3 over QUIC is blanket blocked in many countries (due to QUIC's built-in censorship resistance).

rubatuga2y ago

I'm guessing WireGuard PSK is post quantum safe, because it doesn't depend on a private/public keypair?

betaby2y ago

Could you please explain what does it mean in PSK context? Any relevant link.

1 more reply

nicce2y ago

Probably not post-quantum safe. The first standards just came last year. And there are still arguments that these standards are not good enough. Some were compromised already.

Edit, correction: the one considered standard algorithm was broken https://www.theregister.com/2022/08/03/nist_quantum_resistan...

And yes, anything which uses symmetrical keys is post-quantum safe. But you can't always use them and there are other problems.

mistrial92y ago

every one of these statements needs an authoritative reference

tptacek2y ago

It's WireGuard, not Wireguard.

j / k navigate · click thread line to collapse