Score:2

What is the purpose of the WireGuard handshake mac1 field?

rs flag

The mac1 field in the WireGuard handshake messages is populated as:

msg.mac1 := Mac(Hash(Label-Mac1 || Spub_m'), msgA)    // first arg is MAC key

Label-Mac1 is a constant, Spub_m' is the static public key of the peer, and msgA is the bytes of the message before the mac1 field.

I don't understand the purpose of this, given that every part of the MAC key is public knowledge (a constant and a static public key, which is handed out to peers out-of-band). The WireGuard whitepaper specifically says that Hash(Label-Mac1 || Spub_m') can be precomputed. What's the point of a MAC with a key that's easily computable from public knowledge? Isn't this MAC no more secure than just a hash of the message?

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.