Is the new WireGuard protocol secure?
It's the new kid on the block, but can WireGuard compete with the old guard?
You can drastically improve your security, privacy, and anonymity online by using a secure VPN service, and what’s more, you can even use a virtual private network to unblock sites and streaming content that’s barred in your country.
VPNs create a secure connection to a remote network, so you can send and receive data as if you were directly connected to that remote network. Most VPNs add a layer of strong encryption to keep all the data sent back and forth private.
Some of the best VPN providers that we’ve reviewed include the option to use a new communication protocol called WireGuard. It’s designed to be faster than more established protocols like OpenVPN and IPsec, but is it also secure?
What is a VPN protocol?
WireGuard is one of a few VPN protocols in common use today. A VPN protocol defines the rules and specifications of the communication between your local network and the remote network, such as the type of encryption that will be used and how user authentication works.
VPN protocols often have different priorities. For example, the aged PPTP VPN protocol is very fast, but at the cost of being highly insecure. OpenVPN is very secure, but can be relatively slow. IKEv2 is designed to work particularly well on mobile devices, where the internet connections may frequently switch and can often drop.
How is WireGuard different from other protocols?
WireGuard is a simplified VPN protocol. While protocols like OpenVPN have over 400,000 lines of code, WireGuard has only around 4,000 lines. This makes it easier to audit and leaves fewer places for exploitable flaws to hide.
WireGuard uses modern cryptographic primitives (ChaCha20, Curve25519, BLAKE2s, SipHash24, HKDF, etc.), making it arguably more secure than older, more established VPN protocols.
From a user’s point of view, the clearest benefit of WireGuard is a faster connection time. WireGuard establishes VPN connections almost instantaneously, whereas OpenVPN can take 10 seconds or more to do the same. You should also get a more reliable connection and better battery life when using a WireGuard VPN on a mobile device.
Has WireGuard been independently audited?
WireGuard is a relatively new protocol, with the stable 1.0 Linux release only going live in 2020. This could be considered a downside, as WireGuard hasn’t been used in production environments for as long as more established protocols.
But WireGuard has been open source since its inception in 2016, so interested security professionals have pored over its code looking for potential issues – and WireGuard’s small codebase makes it easier to find any such problems. A third-party security audit was performed in 2020 and gave WireGuard the all-clear.
Does WireGuard have a weakness?
WireGuard is highly secure, but it’s not designed with privacy in mind.
At time of writing, the biggest privacy weakness that WireGuard has is how it assigns IP addresses. When you connect to a VPN service using OpenVPN or IKEv2, you’re assigned a different IP address each time. WireGuard instead gives you the same IP address each time. This is faster, but it means the VPN server must keep logs of your real IP address and connection timestamps.
For VPN services with a focus on user privacy and anonymity, this makes WireGuard a relatively poor protocol to use out of the box. However, some VPN providers that offer WireGuard have implemented their own systems to get around this flaw. NordVPN, Mullvad, and IVPN all offer their own modified versions of WireGuard that work around the IP address issue, so no connection logs are kept.
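To make the point above concrete, the following added example (not from the original article or from the WireGuard project) parses text in the layout of `wg show <interface> dump` and reports which peers still have a real endpoint address held in server state after a period of inactivity. The sample dump, the placeholder keys and the 180-second idle limit are constructed assumptions.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed sample in the tab-separated layout of `wg show wg0 dump`.
# Keys are placeholders; addresses are from documentation ranges.
SAMPLE_DUMP = "\n".join("\t".join(row) for row in [
    # interface line: private-key, public-key, listen-port, fwmark
    ["SERVER_PRIV", "SERVER_PUB", "51820", "off"],
    # peer lines: public-key, preshared-key, endpoint, allowed-ips,
    # latest-handshake, transfer-rx, transfer-tx, persistent-keepalive
    ["PEER_A_PUB", "(none)", "203.0.113.7:49152", "10.8.0.2/32", "1700000000", "1024", "2048", "off"],
    ["PEER_B_PUB", "(none)", "198.51.100.23:51000", "10.8.0.3/32", "1699990000", "10", "20", "off"],
    ["PEER_C_PUB", "(none)", "(none)", "10.8.0.4/32", "0", "0", "0", "off"],
])

@dataclass
class PeerState:
    public_key: str
    endpoint: Optional[str]   # real source IP:port last seen, None if never connected
    tunnel_ips: list          # static tunnel addresses bound to this key
    last_handshake: int       # Unix time of latest handshake, 0 if none

def parse_dump(text):
    """Parse peer lines of a `wg show <iface> dump`; the first line is the interface."""
    peers = []
    for line in text.splitlines()[1:]:
        f = line.split("\t")
        if len(f) != 8:
            continue  # skip malformed or truncated lines
        endpoint = None if f[2] == "(none)" else f[2]
        ips = [] if f[3] == "(none)" else f[3].split(",")
        peers.append(PeerState(f[0], endpoint, ips, int(f[4])))
    return peers

def retained_after_idle(peers, now, idle_limit=180):
    """Keys of peers whose real endpoint is still held although they have been idle
    for longer than idle_limit seconds (180 is an assumed policy value)."""
    return [p.public_key for p in peers
            if p.endpoint is not None and now - p.last_handshake > idle_limit]

if __name__ == "__main__":
    for p in parse_dump(SAMPLE_DUMP):
        print(p.public_key, p.tunnel_ips, p.endpoint, p.last_handshake)
    print("idle but endpoint retained:",
          retained_after_idle(parse_dump(SAMPLE_DUMP), now=1700000100))
```

Each peer line ties one public key to a fixed tunnel address, the last real source address and a handshake time, which is the per-user record the privacy concern is about.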
Bottom line
WireGuard is a relatively new VPN protocol that’s simple, fast, and secure. Its small codebase and focus on modern cryptography make it one of the best-performing VPN protocols available today.
However, if you plan to use VPN services to keep your browsing private and anonymous, consider that WireGuard by default must keep a record of your IP addresses and connection times on the server. A few VPNs have implemented their own workarounds to this privacy issue, so it is possible to use the secure, fast WireGuard protocol without logs being kept.
NordVPN delivers incredible WireGuard speeds
As the biggest name in the VPN industry, it's quite likely you'll have heard of NordVPN. Thankfully it's not all hot air, as Nord delivers a premium service that's hugely secure and great for streaming – and its WireGuard-based NordLynx protocol is one of the very fastest on the market.
With excellent apps on just about every device and stellar customer support, it's one of our top recommendations. Plus, at just $3.71 a month with a 30-day money back guarantee, it's excellent value, too.
Richard is a technology writer with over 20 years' experience in website development, marketing, and SEO. A graduate in Computer Science, he has lectured in Java programming and built software for companies including Samsung and Walmart. Richard writes for TechRadar, IT Pro, Tom's Guide, and PC Gamer.