Surfshark Tames Wireguard IP Security Issue

Surfshark logoSurfshark has announced that it has now finished rolling out the Wireguard VPN protocol across all operating systems. As reported here on VPN Briefing, Wireguard is a super-slim VPN protocol that has taken the online security world by storm.

Whereas OpenVPN has around 40,000 lines of code; WireGuard has less than 4000. But Wireguard had an initial security issue in that it uses a static IP address, not dynamic IP addresses which are inherently more secure. Surfshark has now created a secure Wireguard implementation.
As the Surfshark blog explains: “Using high-speed cryptographic primitives. In hopes to outperform established VPN protocols, WireGuard encrypts your data using thoroughly tested, modern protocols and primitives:

  • ChaCha20 for symmetric encryption, authenticated with Poly1305
  • Curve25519 for ECDH
  • BLAKE2s for hashing and keyed hashing
  • SipHash24 for hashtable keys
  • HKDF for key derivation
  • Connection handshakes taking place every few minutes. It provides rotating keys for perfect forward secrecy. The quote-on-quote connectionless protocol minimizes packet loss during handshakes while providing users with smooth performance.

“Simply put, WireGuard stands out in the overly engineered landscape of VPN protocols. And while it’s still in the development stage, the speed, ease of use, and state of the art cryptography make for an appealing security solution.”

Surfshark Creates A NAT Solution

While OpenVPN and IKEv2 assign IP addresses dynamically, WireGuard gives you the same static IP address every time you connect.

Since storing users’ identifiable information jeopardises their privacy, Surfshark has implemented a double network address translation (NAT) system as a solution. This assigns you a dynamic IP address every time you connect to a VPN server using WireGuard. As you’re given a different IP address each time, there’s no incentive to save any identifiable data on a server.

With the double NAT method in place, Surfshark provides a fast, modern, and secure VPN protocol without putting your privacy at risk.

