The other day, Surfshark rolled out WireGuard protocol support on its apps for Android, Windows, iOS, and macOS. For end-users, this means more speed with WireGuard managing to best all other VPN protocols.
What’s WireGuard all about?
For those who haven’t heard of it, WireGuard is a relatively new, open-source VPN protocol with lightweight code and strong cryptographic primitives. Whereas OpenVPN — which is currently the dominant VPN protocol — has around 400,000 lines of code, WireGuard has under 4,000. The smaller code base makes it less susceptible to security vulnerabilities as it is easier to manage and configure properly.
WireGuard encrypts user data using:
- ChaCha20 for symmetric encryption, authenticated with Poly1305
- Curve25519 for ECDH
- BLAKE2s for hashing and keyed hashing
- SipHash24 for hashtable keys
- HKDF for key derivation
This tech mumbo-jumbo may doesn’t mean much to you, but it matters big time. While WireGuard is still in the development stage – the speed, ease of use, and state of the art cryptography make for an appealing security solution.
In the case of Surfshark — and all other VPNs that have added WireGuard support — this means that users will get to experience even faster Internet speeds.
What about privacy issues?
Although great, WireGuard does have some vulnerabilities related to protecting users’ privacy. Luckily, Surfshark managed to solve them with the introduction of an additional safeguard.
You see, WireGuard gives users the same static IP address every time they connect — whereas OpenVPN and IKEv2 protocols assign IP addresses dynamically.
Surfshark made sure to fix this by implementing a double network address translation (NAT) system as a solution. This way, users will get a new IP address every time they connect to a VPN server using WireGuard. And since they’re given a different IP address each time, there’s no incentive to save any identifiable data on a server.
With the double NAT method in place, Surfshark can offer a fast, modern, and secure VPN protocol without putting its users’ privacy at risk. And yes, we highly recommend trying it out.