- Oct 1, 2019
The key to virtual private networks - or VPNs - is the creation of an encrypted tunnel from the client to the VPN server. All the internet data is transmitted back and forth through this tunnel. The privacy of the VPN connection depends on the encryption used, which keeps the data passing through the tunnel secure from both hackers and others - like your ISP - that want to take a peek.
There are plenty of options for the VPN protocol that encrypts the data, each with its advantages and disadvantages. Some popular ones are PPTP, SSTP, and OpenVPN (which has both TCP and UDP variants). The goal of any of these encryption protocols is to provide a high level of encryption with a low overhead of computing resources. While OpenVPN remains quite popular with its 256-bit encryption, it does go back to 2001, and much has changed with computing since Windows XP debuted.
WireGuard is a more recent entry into the world of VPN encryption protocols and is just beginning to gain more traction in the cybersecurity sphere. In this article, we're taking a closer look at WireGuard.
A lighter VPN protocol...
WireGuard's developer is Jason A. Donenfeld, who has a background in online security, with current development done by Edge Security LLC. While it was initially developed for the mainstream Linux kernel, it is currently cross-platform, with support for the major operating systems of Windows, Mac, iOS and Android.
The main advantage of WireGuard is that it runs much lighter and is designed to offer encryption with less overhead. When compared to the more common OpenVPN and IPsec protocols, WireGuard demonstrates both faster throughput speeds and lower ping times.
WireGuard’s code is said to contain about 4,000 lines, far fewer than the 100,000+ lines of code that make up either of the competing VPN protocols, OpenVPN or IKEv2/IPsec. This advantage also makes it well suited for embedded devices with less computing power, such as a smartphone, router, or even a Raspberry Pi.
WireGuard also endeavors to be simple to deploy with an easy installation. Its cryptography is state-of-the-art, using modern primitives such as Curve25519, ChaCha20, and BLAKE2. The much shorter code length also makes it a lot simpler to audit than protocols with longer code bases.
...but still early stages
With these obvious advantages, you may be wondering why everyone is not using WireGuard.
Well, some VPN providers have already embraced WireGuard, with Mullvad off to an early start. In fact, WireGuard is its default protocol for Linux, macOS, Android and iOS users, and it can be enabled for Windows users, too.
NordVPN is also implementing WireGuard as part of its NordLynx project, which offers NordVPN to Linux users. Other VPNs that use WireGuard’s protocol include AzireVPN, OVPN, TorGuard, and Private Internet Access.
However, some of the biggest VPNs have taken a more wait-and-see approach to implementing WireGuard. In general, greater encryption speed usually comes at the expense of security, and at the time of writing there are ongoing concerns that WireGuard is still early in development and so may not be as stable as a more mature project. This is why ExpressVPN and some other VPN providers have not implemented WireGuard to date.
Still, it remains an intriguing new protocol, and is off to a promising start.