[lifthrasiir]

> By "everything else", I also mean WireGuard. Did you know that if your machine gets far enough out of sync, that'll stop working, too? I had no idea that it apparently includes time in its crypto stuff, but what other explanation is there?

WireGuard only requires a monotonic clock, because it periodically rotates keys to provide the forward secrecy. Peer clocks are otherwise not required to be synchronized [1]. I guess the clock had a higher rate than usual and it couldn't be corrected due to the lack of RTC?

[1] https://www.wireguard.com/papers/wireguard.pdf#page=7 "In fact, it does not even have to be an accurate timestamp; it simply must be a per-peer monotonically increasing 96-bit number."

[josephg]

Why does it use the time then? Why not just increment its own 96 bit number whenever you use it?

[lifthrasiir]

Because it is required to be monotonic per peer. WireGuard has no intrinsic states, so multiple machines with the same peer key will be seen as a single peer and that is actually a legitimate use of WireGuard. These machines would have to be synchronized to each other (but not necessarily to the external clock), and using a time is a straightforward and reasonable way to ensure this.

[apexalpha]

So could you share a single set of keys on multiple machines and Wireguard will work, as long as all machines use the same ntp server?

[lifthrasiir]

Technically yes, but I don't think (but haven't exactly confirmed) that you can initiate a new session to itself.