On 21.05.2018 16:56, Bruno Wolff III wrote:
> If you want to go that route, you should just treat it as a two-part
> number. One for a boot count, that would get incremented every boot
> and saved, and a low-order part that is reset to 0 at every boot.

That'd work for me, though I prefer to use an opaque number / base64 string of 12 bytes that doesn't look like it means something.

> Note that this scheme leaks information to the peer.

Rebooting is likely to leak that information anyway, because the peer sees a period with no packets from you (also, it can't ping you) followed by a possibly premature re-key (depending on how long your boot process takes).

I might also wonder why you'd peer with somebody whom you don't trust not to collect and/or abuse the information that you just rebooted …

-- 
-- Matthias Urlichs
_______________________________________________
WireGuard mailing list
[email protected]
https://lists.zx2c4.com/mailman/listinfo/wireguard
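The two-part counter discussed in this exchange (a persisted boot count in the high bits, a per-boot part reset to 0 in the low bits) and the "opaque" 12-byte base64 form Matthias prefers, worked through as an added example. This is not code from the WireGuard project or from either poster; the 32/64-bit split, the 96-bit total, the state-file persistence and the HMAC-SHA256 Feistel permutation used to make the value opaque are all this example's own assumptions. The point the code makes runnable is that the boot count must be committed to storage before the first value of a boot is emitted, and that an opaque encoding must be a keyed permutation (bijection), not a hash, or distinct counters could collide.

```python
import base64
import hashlib
import hmac
import os
import tempfile

# Added example; not code from the WireGuard project or from the thread's
# authors. Layout (32-bit boot count, 64-bit per-boot counter, 96 bits total)
# and the HMAC-based Feistel "opaque" encoding are this example's assumptions.
BOOT_BITS = 32
SEQ_BITS = 64
HALF = 6      # 48-bit halves of the 96-bit (12-byte) block
ROUNDS = 4


class BootCounter:
    """Two-part counter: persisted boot count (high bits) and a per-boot
    sequence (low bits) that restarts at 0 after every boot. Values never
    repeat across reboots as long as the boot count is committed to storage
    before the first value of a boot is handed out."""

    def __init__(self, state_path):
        self.state_path = state_path
        self.boot = self._load_boot() + 1
        if self.boot >= 1 << BOOT_BITS:
            raise OverflowError("boot count exhausted; a new key is needed")
        # Commit before use: a crash right after this only burns one boot number.
        self._save_boot(self.boot)
        self.seq = 0

    def _load_boot(self):
        try:
            with open(self.state_path) as f:
                return int(f.read().strip() or 0)
        except FileNotFoundError:
            return 0

    def _save_boot(self, boot):
        tmp = self.state_path + ".tmp"
        with open(tmp, "w") as f:
            f.write(str(boot))
            f.flush()
            os.fsync(f.fileno())
        os.replace(tmp, self.state_path)   # atomic rename on POSIX

    def next(self):
        if self.seq >= 1 << SEQ_BITS:
            raise OverflowError("per-boot counter exhausted; rekey")
        value = (self.boot << SEQ_BITS) | self.seq
        self.seq += 1
        return value


def _round(key, i, half):
    # Round function: keyed hash of (round index || half), truncated to 48 bits.
    return hmac.new(key, bytes([i]) + half, hashlib.sha256).digest()[:HALF]


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def encode_opaque(key, value):
    """Keyed 96-bit Feistel permutation of the counter, base64-encoded
    (12 bytes -> 16 characters). Being a permutation, it keeps distinct
    counters distinct, so uniqueness survives while the structure is hidden."""
    block = value.to_bytes(2 * HALF, "big")
    left, right = block[:HALF], block[HALF:]
    for i in range(ROUNDS):
        left, right = right, _xor(left, _round(key, i, right))
    return base64.b64encode(left + right).decode()


def decode_opaque(key, text):
    """Inverse of encode_opaque: run the rounds backwards."""
    block = base64.b64decode(text)
    left, right = block[:HALF], block[HALF:]
    for i in reversed(range(ROUNDS)):
        left, right = _xor(right, _round(key, i, left)), left
    return int.from_bytes(left + right, "big")


def demo(per_boot=3, key=b"\x42" * 32):
    """Simulate two boots sharing one state file; return the raw values from
    each boot and their opaque forms. The key and state file are constructed
    for the demo; a real deployment would use a random secret key."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "boot_count")
        c = BootCounter(path)
        first = [c.next() for _ in range(per_boot)]
        c = BootCounter(path)   # "reboot": low part resets, boot count is bumped
        second = [c.next() for _ in range(per_boot)]
    opaque = [encode_opaque(key, v) for v in first + second]
    return first, second, opaque


if __name__ == "__main__":
    first, second, opaque = demo()
    for raw, op in zip(first + second, opaque):
        print(f"{raw:#026x}  {op}")
```

The opaque form hides the boot count from anyone who only sees the value, but, as the reply above notes, it does nothing about the traffic gap and the early re-key that a reboot causes; the peer still learns that a reboot happened from timing alone.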
