
First-class crypto

Cryptography is another highlight, with WireGuard using state-of-the-art protocols such as Curve25519, ChaCha20, Poly1305 and BLAKE2. You may wonder why WireGuard doesn’t rely on good old-fashioned 256-bit AES to encrypt data. After all, it’s government-approved, military grade encryption software, which may be why OpenVPN uses a variant of it. The answer is really one of efficiency.

ChaCha20 also uses a 256-bit encryption key but, unlike AES, doesn’t need a computer with a dedicated AES-friendly processor to run more efficiently. It can run perfectly in software using an ordinary CPU. This protocol is also specifically designed as a ‘stream cipher’, unlike AES, so it doesn’t need anything to communicate securely. WireGuard does, however, combine the ChaCha20 cipher with the Poly1305 message authentication code. In brief, this makes it much harder for an attacker to insert fake messages into your cipher stream to either redirect your traffic or make it easier for them to work out your encryption keys.

By using ChaCha20-Poly1305 over an AES cipher like AES-GCM, WireGuard is more resistant to ‘timing attacks’. This occurs when hackers try to work out the encryption protocols you’re using by measuring the time it takes to implement certain algorithms.

The benefits of ChaCha20 are clear, as it’s the most popular stream cipher out there, but those in the know may also wonder at the decision of WireGuard’s developers to use the BLAKE2 hash function rather than something more familiar like SHA256. In crypto circles, it’s generally safer to stick with what’s familiar, after all. For starters, this decision to use BLAKE2 over SHA is one of efficiency. BLAKE2 simply works faster than other well-known hash functions like SHA or MD5.
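The Poly1305 authentication step described above, as an added example that is not taken from the original article or from WireGuard's code: a pure-Python Poly1305 tag computation checked against the RFC 8439 section 2.5.2 test vector, followed by a constant-time tag check that rejects an altered message. The function names are hypothetical; in the real ChaCha20-Poly1305 construction the 32-byte Poly1305 key is a one-time key derived per message and the tag covers the ciphertext and its lengths.

```python
import hmac

P = (1 << 130) - 5  # the prime that gives Poly1305 its name
CLAMP = 0x0ffffffc0ffffffc0ffffffc0fffffff

def poly1305_mac(key: bytes, msg: bytes) -> bytes:
    """Compute the 16-byte Poly1305 tag of msg under a 32-byte one-time key."""
    if len(key) != 32:
        raise ValueError("Poly1305 key must be 32 bytes")
    r = int.from_bytes(key[:16], "little") & CLAMP  # clamped multiplier
    s = int.from_bytes(key[16:], "little")          # final additive mask
    acc = 0
    for i in range(0, len(msg), 16):
        # Each block gets a 0x01 byte appended before being read as a
        # little-endian integer, so trailing zero bytes still affect the tag.
        block = int.from_bytes(msg[i:i + 16] + b"\x01", "little")
        acc = (acc + block) * r % P
    return ((acc + s) & ((1 << 128) - 1)).to_bytes(16, "little")

def verify_tag(key: bytes, msg: bytes, tag: bytes) -> bool:
    """Accept msg only if its tag matches, compared in constant time."""
    # hmac.compare_digest does not stop at the first differing byte, so the
    # time taken does not reveal how much of a forged tag was correct.
    # (Python's big-integer arithmetic above is NOT constant time; real
    # implementations use fixed-width limbs for that reason.)
    return hmac.compare_digest(poly1305_mac(key, msg), tag)

# Test vector from RFC 8439, section 2.5.2.
RFC_KEY = bytes.fromhex(
    "85d6be7857556d337f4452fe42d506a8"
    "0103808afb0db2fd4abff6af4149f51b"
)
RFC_MSG = b"Cryptographic Forum Research Group"
RFC_TAG = bytes.fromhex("a8061dc1305136c6c22b8baf0c0127a9")

# Constructed sample: the same message with a single bit flipped in transit.
TAMPERED_MSG = bytes([RFC_MSG[0] ^ 0x01]) + RFC_MSG[1:]

if __name__ == "__main__":
    print("genuine message accepted:", verify_tag(RFC_KEY, RFC_MSG, RFC_TAG))
    print("altered message accepted:", verify_tag(RFC_KEY, TAMPERED_MSG, RFC_TAG))
```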
