Re: [WireGuard] auth-only wireguard
Hi Bruno, On Oct 6, 2016 9:29 PM, "Bruno Wolff III"wrote: > Someone able to watch and modify traffic can wait for authentication to occur and then take over the connection. So you don't know you are still communicating with the party that did the authentication. You need something protecting message integrity which is normally based on encryption, but I think there might be ways to do that with just hashing. You're misunderstanding terminology, I think. Rather than polluting this thread here, I'd be happy to explain to you on IRC -- I'm zx2c4 on freenode. Jason ___ WireGuard mailing list WireGuard@lists.zx2c4.com http://lists.zx2c4.com/mailman/listinfo/wireguard
Re: [WireGuard] auth-only wireguard
On Thu, Oct 06, 2016 at 19:32:36 +0200, "Jason A. Donenfeld"wrote: On Thu, Oct 6, 2016 at 5:03 PM, Bruno Wolff III wrote: Without encryption you authentication won't be useful against attackers that can modify packets or insert packets with the source address of your contact. Either I've misunderstood you, or this is completely inaccurate. What do you mean exactly? Someone able to watch and modify traffic can wait for authentication to occur and then take over the connection. So you don't know you are still communicating with the party that did the authentication. You need something protecting message integrity which is normally based on encryption, but I think there might be ways to do that with just hashing. ___ WireGuard mailing list WireGuard@lists.zx2c4.com http://lists.zx2c4.com/mailman/listinfo/wireguard
Re: [WireGuard] auth-only wireguard
Dear NSA, No. Love, Jason ___ WireGuard mailing list WireGuard@lists.zx2c4.com http://lists.zx2c4.com/mailman/listinfo/wireguard