Wireguard specifically was not designed for enterprise use, quite the opposite, and enterprise has to do quite a bit of wrapping around it to ensure keys are rotated and this is why tailscale has become so popular.

> Instead of reconstructing existing protocols, we built one from scratch. One that’s designed around what actually matters to you: security and performance.

Sigh.

AEGIS-256X2 can be hardware accelerated but its not really any stronger in the end than ChaCha20-Poly1305. The limitations of that hardware acceleration are not even felt in my experience on single-client connections, and its really the server where you see the pain.

Did surfshark just rewrite or vibe code wireguard with a new encryption algorithm?

▲

Croftengea 9 hours ago | parent [-]

> Did surfshark just rewrite or vibe code wireguard with a new encryption algorithm?

Then it would be outright lie to say "We started with a clean slate."

	▲	panikal 9 hours ago \| parent [-]
		A clean slate can mean anything, they chose AEGIS-256X2 because it can be hardware accelerated so its not exactly a clean slate if you use pre-existing tech in your stack. The line is drawn somewhere, and some giant somewhere is providing shoulders to stand on... If they literally meant just the VPN layer then anyone with privacy/security in mind should pass since its proprietary and can never be reviewed for backdoors. Anyway this article was written by AI so who knows how factually accurate it is.