Re: WebSockets and masking

On Sat, May 20, 2023 at 10:56:47AM +0300, Ilari Liusvaara wrote:
> On Fri, May 19, 2023 at 02:30:50PM -0700, David Schinazi wrote:
> > 
> > I agree with you that the main motivations for masking don't matter as much
> > when WebSocket runs over TLS or QUIC (though AEADs without random IVs allow
> > a collaborating client and server to predict the next keymat...). However,
> > it's not clear to me why the overhead of masking matters. I wouldn't expect
> > the XOR to be visible on CPU traces. Is this masking causing noticeable
> > performance issues in your environment?
> As note on performance, it is not just XOR (which likely will not run
> at anywhere close as fast as it could), it is also generating the random
> numbers on client side. Many secure RNGs are very inefficient when
> generating 4 bytes at a time. And then there is also possibility that
> there are other poorly visible costs, e.g., extra data copying/
> buffering.

Note that there's no real need for a secure RNG here, anything unpredictable
*enough* to permit mass abuse is sufficient.


Received on Saturday, 20 May 2023 08:02:59 UTC