Cloudflare's VPN Warp Is Switching from WireGuard to Masque (opens in new tab)

(blog.cloudflare.com)

70 pointsaofeisheng2y ago10 comments

10 comments

Title was editorialised - Cloudflare isn't switching, they are _adding_ Masque. There's even an "We’re not saying goodbye to Wireguard" heading in there.

sevg2y ago

@dang can you please uneditorialize this title back to the original: "Donning a MASQUE: building a new protocol into Cloudflare WARP"

@aofeisheng please see the HN guidelines: "Otherwise please use the original title, unless it is misleading or linkbait; don't editorialize."

altairprime2y ago

@ signs don’t have any meta value at HN. If you want a response from the mods, you’ll need to email them using the footer contact link. Per the HN guidelines:

> Please don't post on HN to ask or tell us something. Send it to hn@ycombinator.com.

ignoramous2y ago

> Finally, neither the protocol nor the cryptography it uses are standards-based, making it difficult to keep up with the strongest known cryptography (post-quantum crypto, for example).

Isn't WireGuard post-quantum safe with pre-shared keys?

> ...connections are made through port 443, which for both TCP and UDP blends in well with general HTTP/3 traffic and is less susceptible than Wireguard to blocking.

HTTP3 over QUIC is blanket blocked in many countries (due to QUIC's built-in censorship resistance).

rubatuga2y ago

I'm guessing WireGuard PSK is post quantum safe, because it doesn't depend on a private/public keypair?

betaby2y ago

Could you please explain what does it mean in PSK context? Any relevant link.

MattPalmer10862y ago

If you pre share symmetric keys, you are only dependent on symmetric keys. Symmetric key cryptography is mostly quantum safe already, although you may need to double your key size.

nicce2y ago

Probably not post-quantum safe. The first standards just came last year. And there are still arguments that these standards are not good enough. Some were compromised already.

Edit, correction: the one considered standard algorithm was broken https://www.theregister.com/2022/08/03/nist_quantum_resistan...

And yes, anything which uses symmetrical keys is post-quantum safe. But you can't always use them and there are other problems.

mistrial92y ago

every one of these statements needs an authoritative reference

tptacek2y ago

It's WireGuard, not Wireguard.

j / k navigate · click thread line to collapse