On 17.05.2018 07:03, Roman Mamedov wrote:
> Personally I am puzzled this is even an issue in WG. Not a single other VPN
> protocol mandates every node to keep a monotonically increasing counter,
> including even over reboots.

WireGuard's connection setup is a whole lot simpler than most other protocols. It basically doesn't require a "real" handshake, just a request/reply pair. Thus it's vulnerable to disruption by replay attacks – a replayed rekey packet would disrupt conversation until the real sender times out, a minute later.

--
-- Matthias Urlichs
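A simplified model of the responder-side check that the counter exists for, as an added example that is not part of the original message and not WireGuard's own code: the handshake initiation carries a TAI64N timestamp, and the responder drops any initiation whose timestamp is not strictly greater than the last one it accepted from that peer. The struct, the function names and the timestamp values are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define TS_LEN 12 /* TAI64N: 8-byte seconds + 4-byte nanoseconds, big-endian */

/* Hypothetical per-peer state kept by the responder. */
struct peer {
    uint8_t latest_ts[TS_LEN]; /* greatest initiation timestamp accepted so far */
};

/* Encode a constructed (seconds, nanoseconds) pair big-endian, so that
 * byte-wise comparison matches numeric ordering. */
static void ts_encode(uint8_t out[TS_LEN], uint64_t sec, uint32_t nsec)
{
    for (int i = 0; i < 8; i++)
        out[i] = (uint8_t)(sec >> (56 - 8 * i));
    for (int i = 0; i < 4; i++)
        out[8 + i] = (uint8_t)(nsec >> (24 - 8 * i));
}

/* Returns 1 and records ts if it is strictly newer; returns 0 (drop) otherwise. */
static int accept_initiation(struct peer *p, const uint8_t ts[TS_LEN])
{
    if (memcmp(ts, p->latest_ts, TS_LEN) <= 0)
        return 0; /* replayed or stale initiation */
    memcpy(p->latest_ts, ts, TS_LEN);
    return 1;
}

/* Constructed scenario; result bits: 0 = first, 1 = replay,
 * 2 = sender whose clock went backwards after a reboot, 3 = newer. */
static int run_scenario(void)
{
    struct peer p = {{0}};
    uint8_t first[TS_LEN], rebooted[TS_LEN], newer[TS_LEN];
    ts_encode(first, 1526533380u, 0);
    ts_encode(rebooted, 1000u, 0);
    ts_encode(newer, 1526533381u, 5);
    return accept_initiation(&p, first)
         | accept_initiation(&p, first) << 1
         | accept_initiation(&p, rebooted) << 2
         | accept_initiation(&p, newer) << 3;
}

int main(void)
{
    printf("accept mask: 0x%x\n", run_scenario());
    return 0;
}
```

The third case is the cost raised in the quoted question: a sender whose timestamp source restarts from an earlier value after a reboot has its genuine initiations dropped until it sends a value above the one the responder stored.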
