What is the purpose of the WireGuard handshake mac1 field?

undermountain

8/27/23, 3:06 AM

The mac1 field in the WireGuard handshake messages is populated as:

msg.mac1 := Mac(Hash(Label-Mac1 || Spub_m'), msgA)    // first arg is MAC key

Label-Mac1 is a constant, Spub_m' is the static public key of the peer, and msgA is the bytes of the message before the mac1 field.

I don't understand the purpose of this, given that every part of the MAC key is public knowledge (a constant and a static public key, which is handed out to peers out-of-band). The WireGuard whitepaper specifically says that Hash(Label-Mac1 || Spub_m') can be precomputed. What's the point of a MAC with a key that's easily computable from public knowledge? Isn't this MAC no more secure than just a hash of the message?

0 + 0

mac

protocol-design

wireguard

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: What is the purpose of the WireGuard handshake mac1 field?

TH: จุดประสงค์ของฟิลด์ WireGuard handshake mac1 คืออะไร

RO: Care este scopul câmpului WireGuard handshake mac1?

RU: Какова цель поля рукопожатия WireGuard mac1?

VI: Mục đích của trường mac1 bắt tay WireGuard là gì?

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.