Cloudflare's VPN Warp Is Switching from WireGuard to Masque
blog.cloudflare.com
Title was editorialised - Cloudflare isn't switching, they are _adding_ Masque. There's even a "We’re not saying goodbye to Wireguard" heading in there.
@dang can you please uneditorialize this title back to the original: "Donning a MASQUE: building a new protocol into Cloudflare WARP"
@aofeisheng please see the HN guidelines: "Otherwise please use the original title, unless it is misleading or linkbait; don't editorialize."
@ signs don’t have any meta value at HN. If you want a response from the mods, you’ll need to email them using the footer contact link. Per the HN guidelines:
> Please don't post on HN to ask or tell us something. Send it to hn@ycombinator.com.
> Finally, neither the protocol nor the cryptography it uses are standards-based, making it difficult to keep up with the strongest known cryptography (post-quantum crypto, for example).
Isn't WireGuard post-quantum safe with pre-shared keys?
> ...connections are made through port 443, which for both TCP and UDP blends in well with general HTTP/3 traffic and is less susceptible than Wireguard to blocking.
HTTP3 over QUIC is blanket blocked in many countries (due to QUIC's built-in censorship resistance).
I'm guessing WireGuard PSK is post quantum safe, because it doesn't depend on a private/public keypair?
Could you please explain what it means in the PSK context? Any relevant link?
If you pre-share symmetric keys, you are only dependent on symmetric keys. Symmetric key cryptography is mostly quantum safe already, although you may need to double your key size.
Probably not post-quantum safe. The first standards just came last year. And there are still arguments that these standards are not good enough. Some were compromised already.
Edit, correction: the one considered standard algorithm was broken https://www.theregister.com/2022/08/03/nist_quantum_resistan...
And yes, anything which uses symmetrical keys is post-quantum safe. But you can't always use them and there are other problems.
Every one of these statements needs an authoritative reference.
It's WireGuard, not Wireguard.