VPNs are complex, and with so much choice on the market and all providers claiming their VPN is the best, subscribing to one is a decision that requires much thought.
When you throw in other elements such as price points and device compatibility before you even get to the more technical aspects of choosing a VPN, it’s easy to overlook what is by far one of the most important considerations: protocols and encryption methods used.
Whilst OpenVPN is currently the industry leader, WireGuard looks to be a worthy contender.
What Is WireGuard?
A VPN protocol determines how your data is routed from your computer to a server. Different protocols have different characteristics—i.e. some are more secure than others—and are better for different tasks.
For example, some protocols prioritize security whereas others prioritize speed. When choosing a VPN, it is important to know what you need it for and choose a VPN that has protocols supporting this.
Although there are many widely used VPN protocols (SSTP, PPTP, and L2TP/IPSec, to name a few), there is one newer protocol that stands out above the rest: WireGuard. It is not yet officially released, but it is set to be the key protocol for the future of VPNs.
Introducing WireGuard, the New VPN Technology
WireGuard has been lauded as the next generation in secure VPN tunneling. As an open-source protocol, WireGuard is a secure network tunnel on the network layer (the third layer of the OSI model of computer networking) for IPv4 and IPv6.
Using modern cryptographic protocols, WireGuard is ultra-secure and is very quickly gaining traction. It is very popular with developers particularly. Initially released for Linux, it is now compatible with multiple platforms and provides some of the strongest encryption that has ever been seen.
What Makes WireGuard Different?
Created by Jason Donenfeld, a cybersecurity expert and founder of Edge Security, WireGuard stems from his own rootkit exfiltration methods that he used to stay inside networks for extended periods of time without being noticed.
When compared to other popular VPN protocols, it is clear to see just how WireGuard blows them out of the water.
1. It Is Much Smaller
The codebases for other popular protocols such as OpenVPN and IPSec are huge, running to hundreds of thousands of lines of code. This is problematic because it makes finding and troubleshooting bugs and vulnerabilities difficult. Today, bugs and vulnerabilities are still being found in other VPN protocols because their codebases are extremely vast.
In contrast, WireGuard’s code is simple and weighs in at around 4,000 lines of code whereas OpenVPN has close to 100,000 lines. Oh, and OpenVPN also requires OpenSSL which adds on something in the region of 500,000 lines.
Fewer lines of code also means fewer crashes and hangs. Plus, the increased throughput means that it is much better for gaming, video streaming, and other data-intensive tasks.
2. WireGuard Is Simpler to Use
In a world that is becoming ever more reliant on mobile devices, and with growing concerns regarding privacy and censorship, VPN providers now must cater to everybody. VPNs are no longer just for the tech-savvy; they are being used by corporations, technically-challenged users, and casual gamers across all devices.
At the same time, most VPN products rely on complex tunneling protocols such as OpenVPN and IPSec. Not only can these be complex and slow to run due to the huge amount of code, but they are also difficult to secure.
WireGuard, however, is small, lightweight, easy to implement on all devices, and operates in ‘stealth mode’, staying silent unless it actually has data to transmit.
3. It Has Next-Level Encryption
WireGuard uses a process known as ‘cryptokey routing’ to protect users’ data. It works by coupling together public encryption keys with authorized VPN tunnel IP addresses.
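Cryptokey routing as described above, modelled in a short Python sketch (an added example, not WireGuard's own code): each peer's public key is bound to the tunnel IP ranges it may use, and the same table is consulted for outgoing and incoming packets. The class name, peer labels and addresses are constructed for illustration.

```python
import ipaddress


class CryptokeyRouter:
    """Simplified model of a cryptokey routing table (hypothetical names)."""

    def __init__(self):
        self._routes = []  # (allowed network, peer public key)

    def add_peer(self, public_key, allowed_ips):
        """Bind a peer's public key to the tunnel IP ranges it may use."""
        for cidr in allowed_ips:
            self._routes.append((ipaddress.ip_network(cidr), public_key))

    def _owner(self, address):
        """Return the key owning the most specific range containing address."""
        ip = ipaddress.ip_address(address)
        hits = [(net.prefixlen, key) for net, key in self._routes
                if net.version == ip.version and ip in net]
        return max(hits)[1] if hits else None

    def peer_for_outgoing(self, dst_ip):
        """Outbound: choose the peer (and so the key) for this destination."""
        return self._owner(dst_ip)

    def accept_incoming(self, sender_key, inner_src_ip):
        """Inbound: the packet already decrypted under sender_key; accept it
        only if its inner source IP is one that key is authorized to use."""
        owner = self._owner(inner_src_ip)
        return owner is not None and owner == sender_key


def build_demo_router():
    """Constructed sample table; keys are placeholder labels, not real keys."""
    router = CryptokeyRouter()
    router.add_peer("PEER_A_PUBKEY", ["10.0.0.2/32", "fd00::2/128"])
    router.add_peer("PEER_B_PUBKEY", ["10.0.0.3/32", "192.168.50.0/24"])
    router.add_peer("GATEWAY_PUBKEY", ["0.0.0.0/0"])
    return router


if __name__ == "__main__":
    r = build_demo_router()
    print(r.peer_for_outgoing("192.168.50.7"))            # routed to peer B
    print(r.accept_incoming("PEER_B_PUBKEY", "10.0.0.2"))  # B spoofing A's IP
```

The inbound check is what makes the table a security control as well as a routing table: a peer that authenticates correctly still has its packet dropped if the inner source address belongs to a different key.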
WireGuard also deliberately avoids using so-called “industry standard” algorithms with inherent weaknesses in favor of the latest and toughest options. These include:
- ChaCha20 authenticated with Poly1305
The combination of no configuration options alongside relatively short 256-bit encryption keys has concerned some people, especially given that OpenVPN offers 4,096-bit RSA. When you do the math, though, a 4,096-bit key is ridiculously unnecessary.
With 256-bit you need to work through 2^256 combinations before cracking it. Considering that most problem sets uncover solutions halfway through, that leaves a whopping 2^255 possible failures.
What’s Next for WireGuard?
At the moment, WireGuard is still very, very new. So much so that it is, strictly speaking, unproven. Whilst it has undergone some formal verification for its cryptography, it cannot yet officially be considered secure. At this moment in time, WireGuard is not a real challenger to OpenVPN.
WireGuard’s developers have even gone so far as to say that it is presently an incomplete protocol. You shouldn’t rely on it yet unless, of course, you are using it for testing purposes.
Until it undergoes a proper security audit and is officially released, its safety cannot be guaranteed. The WireGuard team are working towards a stable release, but there has been no word of a date.
High Hopes for the New VPN Protocol WireGuard
The current range of robust VPN protocols such as OpenVPN is great. They are fast, secure, and widely accessible. How long they can remain suitable, particularly as tech gets smarter and more people head online, is unknown.
While demand for a lightweight and simple protocol is currently low, this is likely to change over time. It is solutions such as WireGuard that will become the next “industry standard” for VPNs.
This gives WireGuard plenty of time to be developed further. At present, there are key elements missing, such as key distribution and the handling of key exchange. These shortcomings are under continual development, however, which should eventually make WireGuard more attractive to commercial VPN providers.
But with the long-term future of VPN software doubtful, WireGuard could be the basis for the next generation VPN software.