quoted
So are you saying that the handshake timing constraints in the
WireGuard protocol are so stringent that we can't run it securely on,
e.g., an ARM CPU that lacks a NEON unit? Or given that you are not
providing accelerated implementations of blake2s or Curve25519 for
arm64, we can't run it securely on arm64 at all?
Deployed at scale, the handshake must have a certain performance to
not be DoS'd. I've spent a long time benching these and attacking my
own code. I won't be comfortable with this going in without the fast
implementations for the handshake.
As a networking guy, the relation between fast crypto for handshake
and DoS is not obvious. Could you explain this a bit?
It seems like a lot of people would like an OpenWRT box to be their
VPN gateway. And most of them are small ARM or MIPs processors. Are
you saying WireGuard will not be usable on such devices?
Thanks
Andrew