On 8/24/19 4:08 PM, Matthias Urlichs wrote:
Anyone with *root* access to the running machine can do that. They also can trivially read the kernel memory (if nothing else, by installing a module) and walk the kernel data structures to find the private and/or shared key.
No, anyone with root access can only get the shared key used for encrypting data, not the actual private key. The private key does never leave the device.
Does this add enough extra security to be worth it? No idea. I haven't worked much with systems like this, only a little bit with SSL and SmartCards.
Andreas _______________________________________________ WireGuard mailing list [email protected] https://lists.zx2c4.com/mailman/listinfo/wireguard
