|
|
|
|
|
|
by sevenoftwelve
1203 days ago
|
|
|
Rosenpass author here; Mate, you could just read the codeā¦or give it a try ;) > the WG author seems like he doesn't care about PQC This is plainly not true; WG supports post-quantum security with the use of the PSK mechanism as we do.
PQ-crypto is high quality but it is also new and fairly inefficient; not a good thing to integrate into the kernel directly. Using the PSK mechanism is the best way to do this I know of at this point in time. > It's also not clear how the WG PSK change is coordinated, and whether that entails a brief loss of connectivity - packet loss, latency spike. WireGuard establishes a session with the existing PSK; we replace the PSK every two minutes but WireGuard keeps its established session around until it renegotiates a session. Both WG and RP rekey their session every two minutes; there is no interruption. |
|
|
Because afaik the moment the PSK is changed all packets immediately start being encrypted by it.
If the change doesn't coincide on both the sender and receiver (within an instant), there will be dropped packets until both PSK's are the same again. Being separate from WG, I don't see how you can insert yourself into their state machine for better coordination.