WolfGuard: WireGuard with FIPS 140-3 cryptography

https://github.com/wolfssl/wolfguard
31•789c789c789c•1h ago

Comments

AaronFriel•56m ago
The conventional wisdom in cryptography is that if you don't know you need FIPS, if you don't have paper and a dollar figure telling you how much you need it, you don't need or want FIPS.
elevation•40m ago
Wireguard exemplifies the superiority of a qualified independent developer over the fractal layers of ossified cruft that you get from industry efforts and compliance STIGS.

So it feels wrong to see wireguard adapted for compliance purposes. If compliance orgs want superior technology, let their standards bodies approve/adopt wireguard without modifying it.

LtWorf•23m ago
but wolfssl is in the business of selling FIPS compliance so…
alfanick•21m ago
And they do it fast, thankfully Compliant Static Code Analyser catches issues like https://github.com/wolfSSL/wolfGuard/commit/fa21e06f26de201b...
jmclnx•6m ago
Yes, but be aware, openvpn is much better if you live in a country like China, Russia and a few others. That is due to a known design issue with wireguard.

For most people, wireguard is fine.

LunaSea•2m ago
Could you expand on the design flaw in question?
dmbche•3m ago
> fractal layers of ossified cruft

Someone got a thesaurus in their coffee today! (Not a jab)
pphysch•39m ago
Can't you also get FIPS 140-3 WireGuard by compiling wireguard-go with the new native FIPS support in Go?
inahga•29m ago
The ciphers used by WireGuard are not FIPS 140-3 certified. So you have to also change the ciphers, as is done in this project.
loeg•10m ago
E.g., ChaPoly AEAD -> AES-GCM, Blake2s -> SHA2/3, that kind of thing.
PunchyHamster•26m ago
So a step backward in security?
kstrauser•19m ago
In fairness, modern versions of FIPS are much less awful. AFAICT it's now possible to be FIPS compliant and meet reasonable crypto expectations, which was not always the case before.
loeg•8m ago
It's fine. None of the FIPS algorithms are known to be broken, either. The only risk here is implementation bugs doing the conversion and any maintenance burden incurred due to diverging from upstream wireguard.
usui•21m ago
I know software developers complain about forced compliance due to the security theatre aspects, but I would like to charitably ask from someone who has technical understanding of FIPS-compliant cryptography. Are there any actual security advantages on technical grounds for making WireGuard FIPS-compliant? Assume the goal is not to appease pencil pushers. I really want to know if this kind of effort has technical gains.
alfanick•20m ago
I presume it's a product strategy to provide a box of "compliant" libraries/services, so other companies can quickly tick and sign a checkbox saying "we use compliant VPN", because someone else is going to look whether the checkbox is ticked and signed, because someone else is going to...
NewJazz•16m ago
You failed to answer the question. Why did you reply?
loeg•15m ago
There are no security advantages or technical grounds for using FIPS algorithms in a WireGuard clone instead of Chacha / Blake2. It's purely a compliance move. ChaPoly, Blake2, etc, are not known to be broken and we have every reason to believe they are strong.
briandw•9m ago
[delayed]
