Re: WebSockets and masking

On Fri, May 19, 2023 at 02:30:50PM -0700, David Schinazi wrote:
> I agree with you that the main motivations for masking don't matter as much
> when WebSocket runs over TLS or QUIC (though AEADs without random IVs allow
> a collaborating client and server to predict the next keymat...). However,
> it's not clear to me why the overhead of masking matters. I wouldn't expect
> the XOR to be visible on CPU traces. Is this masking causing noticeable
> performance issues in your environment?

As note on performance, it is not just XOR (which likely will not run
at anywhere close as fast as it could), it is also generating the random
numbers on client side. Many secure RNGs are very inefficient when
generating 4 bytes at a time. And then there is also possibility that
there are other poorly visible costs, e.g., extra data copying/


Received on Saturday, 20 May 2023 07:56:57 UTC