top | item 46540393 (no title) tatersolid | 1 month ago It never was FIPS-approved and likely will never be. The wireguard protocol used by Tailscale uses ChaCha20 for encryption which is not FIPS approved. discuss order hn newest keepamovin|1 month ago Interesting. What is the FIPS version of wireguard? cronos|1 month ago There are some forks that are not compatible with regular wireguard, for example from wolfssl. Or just classic mTLS. tatersolid|1 month ago > What is the FIPS version of wireguard?IPsec or TLS-based overlays which use AES encryption and NIST-approved ECC curves or (gasp) RSA for key exchange and authentication. They generally suck in comparison with wireguard, which is a clean-sheet modern cryptographic protocol.
keepamovin|1 month ago Interesting. What is the FIPS version of wireguard? cronos|1 month ago There are some forks that are not compatible with regular wireguard, for example from wolfssl. Or just classic mTLS. tatersolid|1 month ago > What is the FIPS version of wireguard?IPsec or TLS-based overlays which use AES encryption and NIST-approved ECC curves or (gasp) RSA for key exchange and authentication. They generally suck in comparison with wireguard, which is a clean-sheet modern cryptographic protocol.
cronos|1 month ago There are some forks that are not compatible with regular wireguard, for example from wolfssl. Or just classic mTLS.
tatersolid|1 month ago > What is the FIPS version of wireguard?IPsec or TLS-based overlays which use AES encryption and NIST-approved ECC curves or (gasp) RSA for key exchange and authentication. They generally suck in comparison with wireguard, which is a clean-sheet modern cryptographic protocol.
keepamovin|1 month ago
cronos|1 month ago
tatersolid|1 month ago
IPsec or TLS-based overlays which use AES encryption and NIST-approved ECC curves or (gasp) RSA for key exchange and authentication. They generally suck in comparison with wireguard, which is a clean-sheet modern cryptographic protocol.