Introducing WireGuard® Protocol: What You Need to Know
Updated on July 13, 2021: From now on, traffic filtering, malware protection, and suspicious DNS activity blocking are available as a part of the separate DNS Firewall app.
The cybersecurity world is evolving and so does KeepSolid VPN Unlimited! Keeping up with the latest technology trends, we are implementing the next-generation VPN protocol WireGuard®. Though it’s still under development and in the testing phase, it is already forecasted to outperform the existing protocols in many aspects. What is WireGuard®, why use it, what advantages it can boast of, how to use WireGuard® in KeepSolid VPN Unlimited app? Read on and find answers in this piece!
- What is the WireGuard® protocol
- Why use WireGuard® VPN protocol: main advantages
- How to start using WireGuard® protocol
- Bottom line on WireGuard® VPN protocol
What is the WireGuard® protocol
WireGuard® is a new open-source VPN protocol that uses state-of-the-art cryptography and aims to be simpler, faster, and more secure than the existing VPN protocols. It is considered to be better designed than the IPSec protocol and to provide better performance than OpenVPN.
Developed by Jason Donenfeld and introduced in 2018, WireGuard® was quickly accepted by users worldwide. It even caught the attention of Linux Torvalds, the developer behind Linux, who called it a work or art:
Can I just once again state my love for it (WireGuard®) and hope it gets merged soon? Maybe the code isn’t perfect, but I’ve skimmed it, and compared to the horrors that are OpenVPN and IPSec, it’s a work of art.
What’s so special about WireGuard®? Well, it does have some advantages over the existing VPN protocols.
Why use WireGuard® VPN protocol: main advantages
Updated encryption technology
Jason Donenfeld intended to upgrade what he considered to be the outdated aspects of OpenVPN and IPSec protocols. This said, WireGuard® eschews standard algorithms that have long-lasting weaknesses in favor of the most modern, strongest cryptographic primitives (low-level algorithms). As stated on the WireGuard® website, the following ciphers are used:
- ChaCha20 for symmetric encryption, using Poly1305 for authentication
- Curve25519 for ECDH (Elliptic-curve Diffie-Hellman, a key agreement protocol for establishing a shared secret over an insecure channel)
- SipHash24 for hashable keys
- BLAKE2s for hashing and keyed hashing
- HKDF for key derivation
Simple code base
The WireGuard® protocol features much lighter build than most VPN protocols (at least open-source ones, with visible codes). All in all, WireGuard® weighs around 4000 lines of code, which is in stark contrast to 600 000 total lines of OpenVPN and OpenSSL combined. IPSec is also quite bulky, featuring 400 000 lines with XFRM and StrongSwan together.
What’s the benefit? Actually, there are several advantages:
- Fewer lines of code imply much less attack surface in comparison to OpenVPN and IPSec.
- Smaller code base is much easier to audit. OpenVPN would require a team of auditors who’d be checking it for days, while one person can audit WireGuard®’s code in just a few hours.
- Easier audit means it’s easier to find vulnerabilities and keep the protocol secure.
- Less bulky code also means it is more likely to work as it’s supposed to.
High-speed cryptographic primitives and peculiarities of WireGuard® technology potentially bring significant performance improvements, both on small devices like smartphones and loaded backbone routers.
WireGuard®’s small code base allows it to offer users quite decent speeds. It should allegedly be capable of establishing connections and handshakes faster, at the same time offering enhanced reliability. Mobile users should especially benefit from WireGuard® as it is designed to be less resource-consuming and not eat up too much battery.
All in all, WireGuard® protocol should outperform other protocols in terms of:
- Longer battery life on smartphones and tablets
- Faster connection and reconnection
Though originally released for Linux-based operating systems, WireGuard® can now be adapted for a number of different platforms. For example, it may be used on systems running macOS, Ubuntu, iOS, and Android, thus covering a wide range of devices.
How to start using WireGuard® protocol
Currently, there aren’t many WireGuard® VPN providers. However, KeepSolid VPN Unlimited offers you an opportunity to try out this most modern VPN protocol yourself. All you need to do is follow a few simple steps below:
- Download KeepSolid VPN Unlimited app.
- Create your KeepSolid ID or log in.
- Navigate to the app Menu > Settings.
- Go to Protocols and select WireGuard®.
- Start exploring the next-gen protocol!
Note: Currently, we’ve implemented WireGuard® protocol in the macOS and Android versions of KeepSolid VPN Unlimited app. Though already available for Personal Server and Personal IP users, WireGuard® on Windows and iOS for all VPN servers is coming soon, stay tuned!
Bottom line on WireGuard® VPN protocol
Providing high-speed connection and unmatched security at the same time is a constant challenge for VPN services. However, the innovative WireGuard® solution brings radical change in the industry, featuring simple build, fast connection speed, and strong cryptography.
Dive into the new enhanced VPN experience with KeepSolid VPN Unlimited and WireGuard®, the VPN protocol of the future!
“WireGuard” is a registered trademark of Jason A. Donenfeld.