How Jason A. Donenfeld Created Secure WireGuard VPN Included in Linux




  • Jason A. Donenfeld is the 32-year-old creator of WireGuard, an open-source VPN protocol widely regarded as one of the most secure in the world.
  • In 2020, it met with mainstream success and was adopted into the popular Linux kernel, as well as Windows, Mac, iOS, and Android operating systems.
  • Donenfeld started the project in 2015 and has spent years building an open source community to support WireGuard.
  • He spoke with Business Insider about his journey towards creating WireGuard, his vision for VPN security, and the overwhelming response the project, which is funded entirely by donations, has gotten from developers.
  • Visit the Business Insider homepage for more stories.

Jason A. Donenfeld is endlessly curious about everything from ancient cities to cutting-edge cryptography. When not developing WireGuard, known as the world’s most secure VPN protocol, the security researcher enjoys exploring the vast network of centuries-old limestone tunnels beneath Paris.

Donenfeld, who is 32, first arrived in Paris in 2010 on a summer contract writing shape-wrapping algorithms, then moved to the city permanently in 2012 to work as a vulnerability researcher.

His work finding vulnerabilities for businesses led him to question the security of popular VPN protocols. He saw their dizzying complexity, bloated implementations, and often outdated cryptography as a worrying attack surface. In 2015, he started to develop WireGuard.

WireGuard is an open source VPN protocol that has been praised for its high level of security. In the few years since Donenfeld began developing it, WireGuard has been adopted into the mainline Linux kernel and integrated with Mac and Windows, as well as iOS, Android and others.

Virtual private networks, or VPNs, extend private networks to public networks, allowing data centers across continents to connect directly to each other. They also allow users to send and receive data as if their computers or phones were directly connected to private networks.

This can sometimes be misleading. While businesses and individuals may believe that they are connecting securely through a VPN, this isn’t always the case, in part because outdated, complex, or insecure protocols like IPSec and OpenVPN are difficult to implement correctly.

“When I say that I don’t feel comfortable with OpenVPN or IPSec implementations, it speaks from experience, because I’ve found a lot of bugs in this type of software,” he says.

He said the time he spent breaking into the systems also gave him a good idea of ​​how to defend them.

“The way you evade detection on a network can be a very similar problem to the way you prevent attackers from knowing your box,” he said.

Part of WireGuard’s appeal is that it maintains security in several different ways, eliminating entire classes of vulnerabilities. It is fast. It uses defense-in-depth techniques, a series of layered mechanisms to protect data and information. And it’s stealthy: it transmits data only when needed and stays invisible to anyone scanning for its servers.

Moreover, it is easier to audit. Unlike other VPN protocols, WireGuard has fewer than 4,000 lines of code, which means security researchers can examine the entire code base for vulnerabilities in a single afternoon. And they often do.
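To make the tunnel behaviour described above concrete, here is an added example (not from the article or from the WireGuard project itself) of a minimal site-to-site pair of WireGuard configurations. The key strings, tunnel addresses, LAN ranges and the endpoint hostname are all placeholders.

```ini
# --- Site A: /etc/wireguard/wg0.conf (constructed example) ---
# Key values are placeholders; generate real ones with
#   wg genkey | tee privatekey | wg pubkey > publickey
[Interface]
PrivateKey = <SITE_A_PRIVATE_KEY>
# Address inside the tunnel
Address = 10.100.0.1/24
ListenPort = 51820

[Peer]
PublicKey = <SITE_B_PUBLIC_KEY>
# Cryptokey routing: traffic for these destinations is sent to this peer,
# and packets decrypted under this peer's key are accepted only if their
# source address falls inside these ranges.
AllowedIPs = 10.100.0.2/32, 192.168.20.0/24
# Placeholder hostname for Site B's public address
Endpoint = siteb.example.net:51820
# No PersistentKeepalive: the link stays silent until there is traffic
# for the peer, which is the "transmits only when needed" behaviour.

# --- Site B: /etc/wireguard/wg0.conf (constructed example) ---
[Interface]
PrivateKey = <SITE_B_PRIVATE_KEY>
Address = 10.100.0.2/24
ListenPort = 51820

[Peer]
PublicKey = <SITE_A_PUBLIC_KEY>
AllowedIPs = 10.100.0.1/32, 192.168.10.0/24
Endpoint = sitea.example.net:51820
```

Each side is brought up with `wg-quick up wg0` and inspected with `wg show wg0`, which lists the peer's public key, its last handshake time and the transfer counters. Two properties of the configuration are worth noting from a defender's point of view. First, the `AllowedIPs` entries on both ends form the cryptokey routing table, so a packet that decrypts correctly but carries a source address outside the peer's allowed ranges is dropped, which ties network identity to the public key rather than to an IP address. Second, because WireGuard does not respond to packets that fail to authenticate against a configured peer's key, the listening port gives no reply to an unauthenticated probe, which is the stealth property the article refers to.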

‘It’s a community project’

Last year, WireGuard was merged into the influential Linux kernel, which led to widespread adoption on Windows, macOS, iOS, Android and OpenBSD, in addition to Linux distributions such as Canonical’s Ubuntu, Debian, Oracle Linux, Red Hat’s CentOS and Fedora, and SUSE Linux.

Getting there was not easy. Donenfeld wanted a single, cohesive design in which he could make every decision with care, looking at every piece. So he spent some time developing WireGuard on his own before its release, he said, sharing the code with only a few friends and cryptographers.

“He first contacted me out of the blue when he was developing WireGuard and he had developed a cryptographic protocol and he wanted me to review it. I proposed small changes, but what he did initially was already very good,” said Jean-Philippe Aumasson, cryptographer, author and co-founder of the security company Taurus Group SA.


Donenfeld presented WireGuard at Mozilla’s Kernel Recipes conference in 2017.

Courtesy of Jason A. Donenfeld


But Donenfeld wanted to completely change something as fundamental as the crypto architecture of Linux, and he met some resistance. Linux is extremely popular, so drastic changes could be disruptive. To get where he wanted to be, he had to start small, with incremental changes, and engage with and integrate the ideas of others.

“This is how core development is done in general – it’s a community project; you have to come to a consensus,” he said. “There’s a big difference between releasing open source code and saying ‘there you are,’ disappearing into a cave and actually interacting with this world. I chose to interact with him really intimately, which means a lot of interaction and understanding how each facet works.”

The process involved working with other developers and researchers and lecturing at conferences including Kernel Recipes at Mozilla’s Paris headquarters to connect with the developer community while creating WireGuard.

“I didn’t want to compromise on the safety of the intermediate parts. I didn’t want WireGuard to depend on something with below average security when I promised to fix it ‘later’. This is never acceptable to me. So finding something that was both scalable so that it was merged but also aligned with security ideals was a very difficult process,” he said.

Donenfeld also wrote a compatibility layer for WireGuard, so people could load the code into their own kernels – the deepest depths of an operating system – before it was sent upstream. This involved the formidable task of writing kernel code compatible with variants and versions of Linux dating back to 2013. But it meant that by the time Donenfeld was ready to merge WireGuard upstream, people were already using it.

The exchange of ideas

Donenfeld’s track record is not the norm in the industry, but his intense curiosity and drive may have worked in his favor.

“There is a really well-defined pipeline that allows people to access professional crypto jobs and gain status in the crypto community,” said Thomas Ptacek, security researcher and director at Fly.io. “It usually involves getting a degree, followed by a graduate degree in a program run by a very well-known cryptographer, and then working for a long time in a research lab after graduation.”

In contrast, Donenfeld earned a degree in mathematics and philosophy from Columbia University in New York after growing up in Cincinnati. Although his background is atypical, Donenfeld still managed to produce the first formally verified VPN protocol, which means it has been mathematically proven to be secure.

Donenfeld works on WireGuard primarily from his home, the top floor of an apartment building that appears to have been converted from several maid’s rooms – single rooms once intended for maids – put together. Before the pandemic, he worked from different rooftops and cafes all over Paris, bringing his Linux laptop with him as he explored the city.

When he’s not coding, Donenfeld is part of the Parisian jazz scene. He plays a D’Angelico NYSS-3 guitar and has performed around town at clubs like Le Caveau des Oubliettes. Lately, he says, he’s been listening to John Coltrane and Bill Frisell a lot.

WireGuard is also fully funded by donations, which is atypical in the software industry. In appreciation of donors, Donenfeld said he has sent out thousands of stickers with WireGuard’s logo, which was inspired by a stone engraving of the ancient Greek mythological python he saw while visiting a museum in Delphi.

It’s only been a few years, but Donenfeld said he has received enough donations to work on WireGuard full-time and to fund other developers working on specific aspects of it. Even so, he said, the project was still trying to make it through another year.

“I have received job offers from companies in Silicon Valley that would certainly allow me to lead a more financially rewarding life than being an open source author,” he said.

If he finds he no longer has the funds to keep improving WireGuard, he can always turn to freelance security work.

Donenfeld’s goal is to continue to develop high quality, professional, free open source software that the whole community can benefit from.

“Opening something up and interacting with this community is really just a great way to improve software, and it allows for a great exchange of ideas,” he said.
