by ignoramous 1100 days ago
> Finally, neither the protocol nor the cryptography it uses are standards-based, making it difficult to keep up with the strongest known cryptography (post-quantum crypto, for example).

Isn't WireGuard post-quantum safe with pre-shared keys?

> ...connections are made through port 443, which for both TCP and UDP blends in well with general HTTP/3 traffic and is less susceptible than Wireguard to blocking.

HTTP/3 over QUIC is blanket blocked in many countries (due to QUIC's built-in censorship resistance).


I'm guessing WireGuard PSK is post-quantum safe, because it doesn't depend on a private/public keypair?
Could you please explain what it means in the PSK context? Any relevant link?
If you pre-share symmetric keys, you are only dependent on symmetric keys. Symmetric key cryptography is mostly quantum safe already, although you may need to double your key size.
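Added illustration (not from any commenter, and not WireGuard's own code): a simplified model of how WireGuard's handshake folds the optional pre-shared key into the chaining key after the Diffie-Hellman results, using the same HKDF-with-HMAC-BLAKE2s construction WireGuard's KDF1/2/3 are built on. The DH shared secrets are constructed random stand-ins rather than real X25519 outputs, and the starting label is an invented constant, not WireGuard's real construction string. The point it shows: an adversary who can recover every DH secret (a quantum attacker running Shor's algorithm against Curve25519) re-derives the session key when the PSK is the all-zeros default, but not when a real PSK was configured, because that 32-byte symmetric secret is mixed into the chain and is out of Shor's reach.

```python
import hashlib
import hmac
import secrets

HASH = "blake2s"  # WireGuard's KDF is HKDF over HMAC-BLAKE2s


def kdf(chaining_key: bytes, input_material: bytes, n: int) -> list:
    """HKDF (RFC 5869) with HMAC-BLAKE2s. Returns n 32-byte outputs;
    the first output is the new chaining key (KDF1/KDF2/KDF3 shape)."""
    prk = hmac.new(chaining_key, input_material, HASH).digest()
    outputs = []
    t = b""
    for i in range(1, n + 1):
        t = hmac.new(prk, t + bytes([i]), HASH).digest()
        outputs.append(t)
    return outputs


def derive_session_key(dh_outputs: list, psk: bytes) -> bytes:
    """Simplified handshake key schedule: chain the DH results, then mix the
    PSK last (KDF3 -> new ck, tau, key), as WireGuard's responder does."""
    # Invented label standing in for WireGuard's CONSTRUCTION string (assumption)
    ck = hashlib.blake2s(b"example construction label").digest()
    for dh in dh_outputs:
        (ck,) = kdf(ck, dh, 1)
    ck, tau, key = kdf(ck, psk, 3)
    return key


def quantum_adversary_key(dh_outputs: list, psk_guess: bytes) -> bytes:
    """Adversary model: every DH shared secret is known (Shor breaks the
    public-key part), so the only unknown left is the PSK."""
    return derive_session_key(dh_outputs, psk_guess)


def demo() -> dict:
    # Constructed stand-ins for the handshake's X25519 shared secrets
    dh_outputs = [secrets.token_bytes(32) for _ in range(4)]
    zero_psk = bytes(32)            # WireGuard's default when no PSK is configured
    real_psk = secrets.token_bytes(32)

    key_without_psk = derive_session_key(dh_outputs, zero_psk)
    key_with_psk = derive_session_key(dh_outputs, real_psk)

    # The adversary knows all DH outputs but not the PSK, so tries the default
    return {
        "adversary_recovers_key_without_psk":
            quantum_adversary_key(dh_outputs, zero_psk) == key_without_psk,
        "adversary_recovers_key_with_psk":
            quantum_adversary_key(dh_outputs, zero_psk) == key_with_psk,
    }


if __name__ == "__main__":
    print(demo())
```

On the "double your key size" point: WireGuard's data keys are 256-bit ChaCha20-Poly1305 keys and the PSK is 32 bytes, so Grover's quadratic speedup leaves roughly 128 bits of work, which is why the PSK path is usually described as adequate against a quantum adversary. The caveat the thread does not spell out is the operational one: the PSK has to be generated and distributed out of band for every peer pair, and a PSK that is reused, leaked, or set to the zero default gives none of this protection.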
Probably not post-quantum safe. The first standards just came last year. And there are still arguments that these standards are not good enough. Some were compromised already.

Edit, correction: the one considered standard algorithm was broken https://www.theregister.com/2022/08/03/nist_quantum_resistan...

And yes, anything which uses symmetrical keys is post-quantum safe. But you can't always use them and there are other problems.

every one of these statements needs an authoritative reference