Share this page!

Thomas H. Ptacek Profile picture
Twitter logo
14 Jan, 4 tweets, 1 min read
This is extremely cool. The basic idea: WireGuard is just a network protocol, like any other, and you can drive it from unprivileged userland code… which means you can drive all of TCP/IP from unprivileged userland code, through WireGuard.
Why would you ever want to do that? Well, we expose services on Fly.io over WireGuard (and, for security, over no other interfaces) but not all of our users are going to install OS WireGuard.
But: all of our users have our (Golang) `flyctl` installed, and flyctl can do WireGuard via wireguard-go, and then userland TCP/IP, to be a client of a network service exposed over WireGuard, without installing WireGuard itself.
Obviously, you should just install WireGuard. But for the stuff I’m talking about, perf doesn’t really matter (if it does, again, install WireGuard), and convenience really matters a lot.

• • •

Missing some Tweet in this thread? You can try to force a refresh
 

Keep Current with Thomas H. Ptacek

Thomas H. Ptacek Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

PDF

Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

More from @tqbf

Thomas H. Ptacek Profile picture
9 Jan
This is super smart, and it took me less than 4 minutes to do the same thing for Oak Park, the suburb in which I live.
Illinois makes it super easy to send FOIA requests to any municipality (just look up their FOIA officer’s email); it’s free, and they get just 5 days to respond (10 with a written extension) before you can sue and have them pay your legal costs if you win.
What I’m saying is, not a crazy project to just come up with every police officer in all of Chicagoland who took PTO during the riots in DC.
Read 4 tweets
Thomas H. Ptacek Profile picture
26 Dec 20
This paper is very cool: behavior oracles in interactive systems that reveal successful decryption can, with a bunch of different AEADs incl. GCM and Chapoly, discern which specific key was used in something resembling log k queries. eprint.iacr.org/2020/1491.pdf
It’s based in part on the idea of “non-committing AEADs”, which are, roughly, AEADs where the specific key used to encrypt isn’t encoded into the output. For something like GCM, this means it’s straightforward to generate K_1, K_2, and C which decrypts under K_1 and K_2.
I found Shay Gueron’s writeup on key committing AEADs to be pretty accessible (I’m just reading casually), with worked examples. eprint.iacr.org/2020/1153.pdf
Read 14 tweets
Thomas H. Ptacek Profile picture
16 Nov 20
Mudge is the new head of security at Twitter, which got me talking about cDc, hacking groups, cliques, and the distinctions between them. I mentioned 8lgm and TESO as examples of hacking groups best understood as hacking groups, unlike cDc.

Someone said: “never heard of them”.
This creates an opportunity for me to talk again about my favorite exploit of all time, unquestionably a part of the canon of our field.
The year is 1995 and BSD Unix runs the Internet. The most important hacking target is SunOS 4.1.3; every network you want to get on is running it somewhere, and often everywhere.

The most important SunOS security research group: 8lgm.
Read 19 tweets
Thomas H. Ptacek Profile picture
16 Nov 20
Kind of crazy watching the orange site, which believes I’m an NSA stooge, fall over itself arguing that publishing DKIM keys to provide deniable email would be a grave injustice, depriving “activists and historians”.
This is what happens when you have a culture that attempts to derive everything axiomatically, just moments after reading something. They forget that deniable messages are literally part of the premise of messaging cryptography. otr.cypherpunks.ca/otr-wpes.pdf
This is currently the top comment on the thread. Again: these people think I’m a shill for NSA.
Read 6 tweets
Thomas H. Ptacek Profile picture
19 Oct 20
So here is a paragraph.
We live in… times.
I love this article so much.
Read 8 tweets
Thomas H. Ptacek Profile picture
16 Mar 20
Welp it’s 6PM and the one judge with the key to our equipment is nowhere to be found so this is all going great.
Also according to the signal strength indicator it’s possible I moved our precinct into a faraday cage so go me!
Flash update: we have established contact with the poll tech. Her first question: “do you have the key to the equipment?”
Read 30 tweets

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!

Follow Us on Twitter!

Like this author's thread?

Get emails when @tqbf has new unrolls!

Check out other threads from @tqbf!

Read all threads by @tqbf