this post was submitted on 18 Aug 2025
279 points (98.9% liked)

Technology

74153 readers
3808 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related news or articles.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 2 years ago
MODERATORS
L3s@lemmy.world
enu@lemmy.world
technopagan@lemmy.world
L4s@lemmy.world
L3s@hackingne.ws
L4s@hackingne.ws
279
VPN company Mullvad reminds users it will no longer use OpenVPN (mullvad.net)
submitted 8 hours ago* (last edited 8 hours ago) by Davriellelouna@lemmy.world to c/technology@lemmy.world
36 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[–] reisub@discuss.tchncs.de 25 points 6 hours ago (1 children)

I think the idea behind opinionated cryptography is not only the idea of "We think this is the best, so you have to use it", but most importantly it removes all requirements of the protocol supporting cipher negotiation. This makes the protocol much simpler, easier to audit and as a result more secure. And if the cryptography in the protocol ever shows a weakness, then Wireguard v2 needs to be released as a breaking change. See all the SSL/TLS versions

[–] r00ty@kbin.life 9 points 6 hours ago (2 children)

Yep. I entirely agree about the good points. I am just always weary about removing options like this, regardless of intention.

I'd be fine if for example I'm running my own wireguard implementation, I could choose the suite to use, not negotiate anything and ensure my client has the same configuration.

I'd probably not use it, but I like the option, and knowing that anyone that wants to try to break this now also needs to guess what options I'm running.

[–] FauxLiving@lemmy.world 7 points 5 hours ago

knowing that anyone that wants to try to break this now also needs to guess what options I’m running.

Unless your security model has you being specifically targeted by advanced threat actors, the most likely scenario is that you’ll be affected by randomly discovered security vulnerabilities and not individuals tailoring an attack for your configuration.

Obfuscation of your configuration doesn’t add much security and using obscure settings could just as easily result in security vulnerabilities of their own. Vulnerabilities which, due to the obscurity of your configuration, may not be discovered by white hats for much longer.

I know that, if wireguard is exploitable, it’s very unlikely to be me that would be targeted. There are larger and more lucrative targets acting as honeypots for everyone else.

[–] deur@feddit.nl 9 points 6 hours ago

No. You are making assumptions about security and ultimately assuming you're the only one who thought this along the way.